4/17/2020 11:55:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 4032 Operation ID: {0,2281342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar738.tmp Handle ID: 3956 Operation ID: {0,2253802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab737.tmp Handle ID: 3956 Operation ID: {0,2253799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar738.tmp Handle ID: 3956 Operation ID: {0,2253791} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar738.tmp Handle ID: 3044 Operation ID: {0,2253769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab737.tmp Handle ID: 3956 Operation ID: {0,2253766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab737.tmp Handle ID: 2700 Operation ID: {0,2253765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab737.tmp Handle ID: 2700 Operation ID: {0,2253758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar738.tmp Handle ID: 2700 Operation ID: {0,2253755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab737.tmp Handle ID: 2700 Operation ID: {0,2253751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2253700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2253627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar736.tmp Handle ID: 3116 Operation ID: {0,2253570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab735.tmp Handle ID: 3116 Operation ID: {0,2253563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar736.tmp Handle ID: 3116 Operation ID: {0,2253558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar736.tmp Handle ID: 3956 Operation ID: {0,2253535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab735.tmp Handle ID: 3116 Operation ID: {0,2253532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab735.tmp Handle ID: 3864 Operation ID: {0,2253531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab735.tmp Handle ID: 3864 Operation ID: {0,2253524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar736.tmp Handle ID: 3864 Operation ID: {0,2253521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab735.tmp Handle ID: 3864 Operation ID: {0,2253517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,2253484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,2253448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2253407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2253352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar734.tmp Handle ID: 3864 Operation ID: {0,2253325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab733.tmp Handle ID: 3864 Operation ID: {0,2253320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar734.tmp Handle ID: 3864 Operation ID: {0,2253315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar734.tmp Handle ID: 2700 Operation ID: {0,2253298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab733.tmp Handle ID: 3864 Operation ID: {0,2253295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab733.tmp Handle ID: 1784 Operation ID: {0,2253294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab733.tmp Handle ID: 1784 Operation ID: {0,2253285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar734.tmp Handle ID: 1784 Operation ID: {0,2253284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab733.tmp Handle ID: 1784 Operation ID: {0,2253280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2253229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2253132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar732.tmp Handle ID: 2700 Operation ID: {0,2253086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab731.tmp Handle ID: 2700 Operation ID: {0,2253081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar732.tmp Handle ID: 2700 Operation ID: {0,2253076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar732.tmp Handle ID: 1784 Operation ID: {0,2253061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab731.tmp Handle ID: 2700 Operation ID: {0,2253058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab731.tmp Handle ID: 1620 Operation ID: {0,2253057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab731.tmp Handle ID: 1620 Operation ID: {0,2253050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar732.tmp Handle ID: 1620 Operation ID: {0,2253047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab731.tmp Handle ID: 1620 Operation ID: {0,2253031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2252998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2252962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2252921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3216 Operation ID: {0,2252734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar730.tmp Handle ID: 1784 Operation ID: {0,2252707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72F.tmp Handle ID: 1784 Operation ID: {0,2252700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar730.tmp Handle ID: 1784 Operation ID: {0,2252693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar730.tmp Handle ID: 3216 Operation ID: {0,2252680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72F.tmp Handle ID: 1784 Operation ID: {0,2252677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72F.tmp Handle ID: 3844 Operation ID: {0,2252676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72F.tmp Handle ID: 3844 Operation ID: {0,2252669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar730.tmp Handle ID: 3844 Operation ID: {0,2252666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72F.tmp Handle ID: 3844 Operation ID: {0,2252662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,2252611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2252525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72E.tmp Handle ID: 3216 Operation ID: {0,2252479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72D.tmp Handle ID: 3216 Operation ID: {0,2252474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72E.tmp Handle ID: 3216 Operation ID: {0,2252467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72E.tmp Handle ID: 3844 Operation ID: {0,2252453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72D.tmp Handle ID: 3216 Operation ID: {0,2252450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72D.tmp Handle ID: 3116 Operation ID: {0,2252449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72D.tmp Handle ID: 3116 Operation ID: {0,2252442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72E.tmp Handle ID: 3116 Operation ID: {0,2252439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72D.tmp Handle ID: 3116 Operation ID: {0,2252435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2252402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2252366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2252325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2252246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72C.tmp Handle ID: 3116 Operation ID: {0,2252221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72B.tmp Handle ID: 3116 Operation ID: {0,2252214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72C.tmp Handle ID: 3116 Operation ID: {0,2252209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72C.tmp Handle ID: 3184 Operation ID: {0,2252194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72B.tmp Handle ID: 3116 Operation ID: {0,2252191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72B.tmp Handle ID: 3864 Operation ID: {0,2252190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72B.tmp Handle ID: 3864 Operation ID: {0,2252183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72C.tmp Handle ID: 3864 Operation ID: {0,2252177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab72B.tmp Handle ID: 3864 Operation ID: {0,2252173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2252113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2252028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72A.tmp Handle ID: 3864 Operation ID: {0,2251984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab729.tmp Handle ID: 3864 Operation ID: {0,2251977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72A.tmp Handle ID: 3864 Operation ID: {0,2251970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72A.tmp Handle ID: 3116 Operation ID: {0,2251957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab729.tmp Handle ID: 3864 Operation ID: {0,2251954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab729.tmp Handle ID: 3044 Operation ID: {0,2251953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab729.tmp Handle ID: 3044 Operation ID: {0,2251946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72A.tmp Handle ID: 3044 Operation ID: {0,2251943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab729.tmp Handle ID: 3044 Operation ID: {0,2251939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3116 Operation ID: {0,2251906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3116 Operation ID: {0,2251870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2251826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar728.tmp Handle ID: 1784 Operation ID: {0,2251757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab727.tmp Handle ID: 1784 Operation ID: {0,2251750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar728.tmp Handle ID: 1784 Operation ID: {0,2251743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar728.tmp Handle ID: 3956 Operation ID: {0,2251728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab727.tmp Handle ID: 1784 Operation ID: {0,2251725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab727.tmp Handle ID: 3044 Operation ID: {0,2251724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab727.tmp Handle ID: 3044 Operation ID: {0,2251713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar728.tmp Handle ID: 3044 Operation ID: {0,2251710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab727.tmp Handle ID: 3044 Operation ID: {0,2251706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2251655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2251592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar726.tmp Handle ID: 3956 Operation ID: {0,2251548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab725.tmp Handle ID: 3956 Operation ID: {0,2251541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar726.tmp Handle ID: 3956 Operation ID: {0,2251536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar726.tmp Handle ID: 3044 Operation ID: {0,2251523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab725.tmp Handle ID: 3956 Operation ID: {0,2251520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab725.tmp Handle ID: 3844 Operation ID: {0,2251519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab725.tmp Handle ID: 3844 Operation ID: {0,2251512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar726.tmp Handle ID: 3844 Operation ID: {0,2251509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab725.tmp Handle ID: 3844 Operation ID: {0,2251505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2251472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2251436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2251395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar724.tmp Handle ID: 3248 Operation ID: {0,2250825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab723.tmp Handle ID: 3248 Operation ID: {0,2250817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar724.tmp Handle ID: 3248 Operation ID: {0,2250807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar724.tmp Handle ID: 3844 Operation ID: {0,2250794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab723.tmp Handle ID: 3248 Operation ID: {0,2250791} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab723.tmp Handle ID: 3476 Operation ID: {0,2250790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab723.tmp Handle ID: 3476 Operation ID: {0,2250783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar724.tmp Handle ID: 3476 Operation ID: {0,2250780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab723.tmp Handle ID: 3476 Operation ID: {0,2250776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2250725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2250650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar722.tmp Handle ID: 3844 Operation ID: {0,2250578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab721.tmp Handle ID: 3844 Operation ID: {0,2250573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar722.tmp Handle ID: 3844 Operation ID: {0,2250568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar722.tmp Handle ID: 3216 Operation ID: {0,2250559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab721.tmp Handle ID: 3844 Operation ID: {0,2250554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab721.tmp Handle ID: 3476 Operation ID: {0,2250553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab721.tmp Handle ID: 3476 Operation ID: {0,2250546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar722.tmp Handle ID: 3476 Operation ID: {0,2250543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab721.tmp Handle ID: 3476 Operation ID: {0,2250527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3216 Operation ID: {0,2250494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3216 Operation ID: {0,2250458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2250417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3116 Operation ID: {0,2250363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar720.tmp Handle ID: 3216 Operation ID: {0,2250342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71F.tmp Handle ID: 3216 Operation ID: {0,2250341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar720.tmp Handle ID: 3216 Operation ID: {0,2250340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar720.tmp Handle ID: 3116 Operation ID: {0,2250329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71F.tmp Handle ID: 3216 Operation ID: {0,2250326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71F.tmp Handle ID: 2700 Operation ID: {0,2250325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71F.tmp Handle ID: 2700 Operation ID: {0,2250318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar720.tmp Handle ID: 2700 Operation ID: {0,2250315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71F.tmp Handle ID: 2700 Operation ID: {0,2250311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2250260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2250168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71E.tmp Handle ID: 3476 Operation ID: {0,2250124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71D.tmp Handle ID: 3476 Operation ID: {0,2250123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71E.tmp Handle ID: 3476 Operation ID: {0,2250122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71E.tmp Handle ID: 2700 Operation ID: {0,2250121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71D.tmp Handle ID: 3476 Operation ID: {0,2250120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71D.tmp Handle ID: 3184 Operation ID: {0,2250119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71D.tmp Handle ID: 3184 Operation ID: {0,2250116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71E.tmp Handle ID: 3184 Operation ID: {0,2250115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71D.tmp Handle ID: 3184 Operation ID: {0,2250108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2250063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2250027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2249986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2248985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71C.tmp Handle ID: 3184 Operation ID: {0,2248926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71B.tmp Handle ID: 3184 Operation ID: {0,2248921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71C.tmp Handle ID: 3184 Operation ID: {0,2248916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71C.tmp Handle ID: 3044 Operation ID: {0,2248903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71B.tmp Handle ID: 3184 Operation ID: {0,2248900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71B.tmp Handle ID: 3248 Operation ID: {0,2248899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71B.tmp Handle ID: 3248 Operation ID: {0,2248892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71C.tmp Handle ID: 3248 Operation ID: {0,2248889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71B.tmp Handle ID: 3248 Operation ID: {0,2248885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2248822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,2248745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71A.tmp Handle ID: 3248 Operation ID: {0,2248700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab719.tmp Handle ID: 3248 Operation ID: {0,2248693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71A.tmp Handle ID: 3248 Operation ID: {0,2248686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71A.tmp Handle ID: 3844 Operation ID: {0,2248675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab719.tmp Handle ID: 3248 Operation ID: {0,2248672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab719.tmp Handle ID: 3184 Operation ID: {0,2248671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab719.tmp Handle ID: 3184 Operation ID: {0,2248664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar71A.tmp Handle ID: 3184 Operation ID: {0,2248661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab719.tmp Handle ID: 3184 Operation ID: {0,2248657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2248624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2248588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,2248547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3116 Operation ID: {0,2248485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar718.tmp Handle ID: 3844 Operation ID: {0,2248451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab717.tmp Handle ID: 3844 Operation ID: {0,2248444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar718.tmp Handle ID: 3844 Operation ID: {0,2248439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar718.tmp Handle ID: 3116 Operation ID: {0,2248426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab717.tmp Handle ID: 3844 Operation ID: {0,2248423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab717.tmp Handle ID: 3864 Operation ID: {0,2248422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab717.tmp Handle ID: 3864 Operation ID: {0,2248415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar718.tmp Handle ID: 3864 Operation ID: {0,2248412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab717.tmp Handle ID: 3864 Operation ID: {0,2248408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2248345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2248272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar716.tmp Handle ID: 3184 Operation ID: {0,2248214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab715.tmp Handle ID: 3184 Operation ID: {0,2248209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar716.tmp Handle ID: 3184 Operation ID: {0,2248204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar716.tmp Handle ID: 3844 Operation ID: {0,2248191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab715.tmp Handle ID: 3184 Operation ID: {0,2248190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab715.tmp Handle ID: 1784 Operation ID: {0,2248189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab715.tmp Handle ID: 1784 Operation ID: {0,2248182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar716.tmp Handle ID: 1784 Operation ID: {0,2248179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab715.tmp Handle ID: 1784 Operation ID: {0,2248175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2248142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2248106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2248065} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar714.tmp Handle ID: 1784 Operation ID: {0,2248020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab713.tmp Handle ID: 1784 Operation ID: {0,2248013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar714.tmp Handle ID: 1784 Operation ID: {0,2248010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar714.tmp Handle ID: 3044 Operation ID: {0,2247999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab713.tmp Handle ID: 1784 Operation ID: {0,2247996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab713.tmp Handle ID: 3216 Operation ID: {0,2247995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab713.tmp Handle ID: 3216 Operation ID: {0,2247986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar714.tmp Handle ID: 3216 Operation ID: {0,2247985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab713.tmp Handle ID: 3216 Operation ID: {0,2247981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2247930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2247841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar712.tmp Handle ID: 3044 Operation ID: {0,2247792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab711.tmp Handle ID: 3044 Operation ID: {0,2247787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar712.tmp Handle ID: 3044 Operation ID: {0,2247782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar712.tmp Handle ID: 3476 Operation ID: {0,2247771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab711.tmp Handle ID: 3044 Operation ID: {0,2247768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab711.tmp Handle ID: 3864 Operation ID: {0,2247767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab711.tmp Handle ID: 3864 Operation ID: {0,2247758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar712.tmp Handle ID: 3864 Operation ID: {0,2247757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab711.tmp Handle ID: 3864 Operation ID: {0,2247753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,2247720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,2247684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,2247645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar710.tmp Handle ID: 3916 Operation ID: {0,2247327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70F.tmp Handle ID: 3916 Operation ID: {0,2247326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar710.tmp Handle ID: 3916 Operation ID: {0,2247325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar710.tmp Handle ID: 3844 Operation ID: {0,2247324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70F.tmp Handle ID: 3916 Operation ID: {0,2247323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70F.tmp Handle ID: 3956 Operation ID: {0,2247322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70F.tmp Handle ID: 3956 Operation ID: {0,2247319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar710.tmp Handle ID: 3956 Operation ID: {0,2247318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70F.tmp Handle ID: 3956 Operation ID: {0,2247316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2247267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2247206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70E.tmp Handle ID: 3216 Operation ID: {0,2247162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70D.tmp Handle ID: 3216 Operation ID: {0,2247155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70E.tmp Handle ID: 3216 Operation ID: {0,2247150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70E.tmp Handle ID: 3916 Operation ID: {0,2247135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70D.tmp Handle ID: 3216 Operation ID: {0,2247132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70D.tmp Handle ID: 3248 Operation ID: {0,2247131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70D.tmp Handle ID: 3248 Operation ID: {0,2247124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70E.tmp Handle ID: 3248 Operation ID: {0,2247121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70D.tmp Handle ID: 3248 Operation ID: {0,2247117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,2247084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,2247048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2247007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,2246951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70C.tmp Handle ID: 3248 Operation ID: {0,2246926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70B.tmp Handle ID: 3248 Operation ID: {0,2246921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70C.tmp Handle ID: 3248 Operation ID: {0,2246918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70C.tmp Handle ID: 3956 Operation ID: {0,2246905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70B.tmp Handle ID: 3248 Operation ID: {0,2246902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70B.tmp Handle ID: 3184 Operation ID: {0,2246901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70B.tmp Handle ID: 3184 Operation ID: {0,2246894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70C.tmp Handle ID: 3184 Operation ID: {0,2246891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab70B.tmp Handle ID: 3184 Operation ID: {0,2246887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70A.tmp Handle ID: 3956 Operation ID: {0,2246733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab709.tmp Handle ID: 3956 Operation ID: {0,2246728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70A.tmp Handle ID: 3956 Operation ID: {0,2246723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70A.tmp Handle ID: 3184 Operation ID: {0,2246710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab709.tmp Handle ID: 3956 Operation ID: {0,2246707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab709.tmp Handle ID: 3864 Operation ID: {0,2246706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab709.tmp Handle ID: 3864 Operation ID: {0,2246698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70A.tmp Handle ID: 3864 Operation ID: {0,2246696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab709.tmp Handle ID: 3864 Operation ID: {0,2246692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2246659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2246623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,2246529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar708.tmp Handle ID: 3184 Operation ID: {0,2246496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab707.tmp Handle ID: 3184 Operation ID: {0,2246491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar708.tmp Handle ID: 3184 Operation ID: {0,2246484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar708.tmp Handle ID: 3476 Operation ID: {0,2246471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab707.tmp Handle ID: 3184 Operation ID: {0,2246468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab707.tmp Handle ID: 3844 Operation ID: {0,2246467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab707.tmp Handle ID: 3844 Operation ID: {0,2246458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar708.tmp Handle ID: 3844 Operation ID: {0,2246455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab707.tmp Handle ID: 3844 Operation ID: {0,2246451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar706.tmp Handle ID: 3864 Operation ID: {0,2246294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab705.tmp Handle ID: 3864 Operation ID: {0,2246287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar706.tmp Handle ID: 3864 Operation ID: {0,2246280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar706.tmp Handle ID: 3184 Operation ID: {0,2246267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab705.tmp Handle ID: 3864 Operation ID: {0,2246264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab705.tmp Handle ID: 3916 Operation ID: {0,2246263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab705.tmp Handle ID: 3916 Operation ID: {0,2246254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar706.tmp Handle ID: 3916 Operation ID: {0,2246253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab705.tmp Handle ID: 3916 Operation ID: {0,2246249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2246216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2246180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2246086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar704.tmp Handle ID: 3916 Operation ID: {0,2246065} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab703.tmp Handle ID: 3916 Operation ID: {0,2246064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar704.tmp Handle ID: 3916 Operation ID: {0,2246063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar704.tmp Handle ID: 3844 Operation ID: {0,2246061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab703.tmp Handle ID: 3916 Operation ID: {0,2246060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab703.tmp Handle ID: 3248 Operation ID: {0,2246059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab703.tmp Handle ID: 3248 Operation ID: {0,2246056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar704.tmp Handle ID: 3248 Operation ID: {0,2246055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab703.tmp Handle ID: 3248 Operation ID: {0,2246053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2246004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2245943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar702.tmp Handle ID: 3844 Operation ID: {0,2245897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab701.tmp Handle ID: 3844 Operation ID: {0,2245892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar702.tmp Handle ID: 3844 Operation ID: {0,2245887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar702.tmp Handle ID: 3248 Operation ID: {0,2245862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab701.tmp Handle ID: 3844 Operation ID: {0,2245859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab701.tmp Handle ID: 3956 Operation ID: {0,2245858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab701.tmp Handle ID: 3956 Operation ID: {0,2245851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar702.tmp Handle ID: 3956 Operation ID: {0,2245848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab701.tmp Handle ID: 3956 Operation ID: {0,2245844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,2245811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,2245775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2245734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar700.tmp Handle ID: 3248 Operation ID: {0,2245700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FF.tmp Handle ID: 3248 Operation ID: {0,2245695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar700.tmp Handle ID: 3248 Operation ID: {0,2245690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar700.tmp Handle ID: 3216 Operation ID: {0,2245677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FF.tmp Handle ID: 3248 Operation ID: {0,2245674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FF.tmp Handle ID: 3476 Operation ID: {0,2245673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FF.tmp Handle ID: 3476 Operation ID: {0,2245666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar700.tmp Handle ID: 3476 Operation ID: {0,2245663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FF.tmp Handle ID: 3476 Operation ID: {0,2245659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2245608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2245547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FE.tmp Handle ID: 3956 Operation ID: {0,2245503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FD.tmp Handle ID: 3956 Operation ID: {0,2245496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FE.tmp Handle ID: 3956 Operation ID: {0,2245491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FE.tmp Handle ID: 3248 Operation ID: {0,2245478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FD.tmp Handle ID: 3956 Operation ID: {0,2245473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FD.tmp Handle ID: 3184 Operation ID: {0,2245472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FD.tmp Handle ID: 3184 Operation ID: {0,2245465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FE.tmp Handle ID: 3184 Operation ID: {0,2245462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FD.tmp Handle ID: 3184 Operation ID: {0,2245458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,2245413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,2245377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:55:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:55:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,2245338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FC.tmp Handle ID: 3844 Operation ID: {0,2241123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FB.tmp Handle ID: 3844 Operation ID: {0,2241118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FC.tmp Handle ID: 3844 Operation ID: {0,2241113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FC.tmp Handle ID: 3804 Operation ID: {0,2241100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FB.tmp Handle ID: 3844 Operation ID: {0,2241097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FB.tmp Handle ID: 3116 Operation ID: {0,2241096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FB.tmp Handle ID: 3116 Operation ID: {0,2241089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FC.tmp Handle ID: 3116 Operation ID: {0,2241086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6FB.tmp Handle ID: 3116 Operation ID: {0,2241082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2241031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,2240968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FA.tmp Handle ID: 1784 Operation ID: {0,2240915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F9.tmp Handle ID: 1784 Operation ID: {0,2240914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FA.tmp Handle ID: 1784 Operation ID: {0,2240913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FA.tmp Handle ID: 3116 Operation ID: {0,2240904} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F9.tmp Handle ID: 1784 Operation ID: {0,2240899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F9.tmp Handle ID: 3216 Operation ID: {0,2240898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F9.tmp Handle ID: 3216 Operation ID: {0,2240890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6FA.tmp Handle ID: 3216 Operation ID: {0,2240888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F9.tmp Handle ID: 3216 Operation ID: {0,2240823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2240790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2240754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2240713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3272 Operation ID: {0,2240657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F8.tmp Handle ID: 1784 Operation ID: {0,2240630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F7.tmp Handle ID: 1784 Operation ID: {0,2240623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F8.tmp Handle ID: 1784 Operation ID: {0,2240616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F8.tmp Handle ID: 3272 Operation ID: {0,2240603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F7.tmp Handle ID: 1784 Operation ID: {0,2240600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F7.tmp Handle ID: 3116 Operation ID: {0,2240599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F7.tmp Handle ID: 3116 Operation ID: {0,2240592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F8.tmp Handle ID: 3116 Operation ID: {0,2240589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F7.tmp Handle ID: 3116 Operation ID: {0,2240585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2240534} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2240457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F6.tmp Handle ID: 3804 Operation ID: {0,2240396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F5.tmp Handle ID: 3804 Operation ID: {0,2240389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F6.tmp Handle ID: 3804 Operation ID: {0,2240386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F6.tmp Handle ID: 3864 Operation ID: {0,2240373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F5.tmp Handle ID: 3804 Operation ID: {0,2240370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F5.tmp Handle ID: 3248 Operation ID: {0,2240369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F5.tmp Handle ID: 3248 Operation ID: {0,2240362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F6.tmp Handle ID: 3248 Operation ID: {0,2240359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F5.tmp Handle ID: 3248 Operation ID: {0,2240355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,2240322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,2240285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2240246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2240186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F4.tmp Handle ID: 3864 Operation ID: {0,2240159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F3.tmp Handle ID: 3864 Operation ID: {0,2240154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F4.tmp Handle ID: 3864 Operation ID: {0,2240149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F4.tmp Handle ID: 1784 Operation ID: {0,2240136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F3.tmp Handle ID: 3864 Operation ID: {0,2240131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F3.tmp Handle ID: 3476 Operation ID: {0,2240130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F3.tmp Handle ID: 3476 Operation ID: {0,2240123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F4.tmp Handle ID: 3476 Operation ID: {0,2240118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F3.tmp Handle ID: 3476 Operation ID: {0,2240114} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2240063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2239973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F2.tmp Handle ID: 1784 Operation ID: {0,2239928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F1.tmp Handle ID: 1784 Operation ID: {0,2239921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F2.tmp Handle ID: 1784 Operation ID: {0,2239916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F2.tmp Handle ID: 3476 Operation ID: {0,2239903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F1.tmp Handle ID: 1784 Operation ID: {0,2239898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F1.tmp Handle ID: 3044 Operation ID: {0,2239897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F1.tmp Handle ID: 3044 Operation ID: {0,2239890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F2.tmp Handle ID: 3044 Operation ID: {0,2239887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F1.tmp Handle ID: 3044 Operation ID: {0,2239883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,2239850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,2239814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2239773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2239390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F0.tmp Handle ID: 3216 Operation ID: {0,2239365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EF.tmp Handle ID: 3216 Operation ID: {0,2239358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F0.tmp Handle ID: 3216 Operation ID: {0,2239353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F0.tmp Handle ID: 3044 Operation ID: {0,2239328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EF.tmp Handle ID: 3216 Operation ID: {0,2239325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EF.tmp Handle ID: 2700 Operation ID: {0,2239324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EF.tmp Handle ID: 2700 Operation ID: {0,2239317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6F0.tmp Handle ID: 2700 Operation ID: {0,2239314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EF.tmp Handle ID: 2700 Operation ID: {0,2239310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2239259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2239157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EE.tmp Handle ID: 3044 Operation ID: {0,2239123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6ED.tmp Handle ID: 3044 Operation ID: {0,2239116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EE.tmp Handle ID: 3044 Operation ID: {0,2239109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EE.tmp Handle ID: 2700 Operation ID: {0,2239086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6ED.tmp Handle ID: 3044 Operation ID: {0,2239081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6ED.tmp Handle ID: 3272 Operation ID: {0,2239080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6ED.tmp Handle ID: 3272 Operation ID: {0,2239075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EE.tmp Handle ID: 3272 Operation ID: {0,2239072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6ED.tmp Handle ID: 3272 Operation ID: {0,2239051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2239009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2238973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2238932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EC.tmp Handle ID: 2700 Operation ID: {0,2238900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EB.tmp Handle ID: 2700 Operation ID: {0,2238895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EC.tmp Handle ID: 2700 Operation ID: {0,2238888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EC.tmp Handle ID: 1784 Operation ID: {0,2238875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EB.tmp Handle ID: 2700 Operation ID: {0,2238872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EB.tmp Handle ID: 3476 Operation ID: {0,2238871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EB.tmp Handle ID: 3476 Operation ID: {0,2238864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EC.tmp Handle ID: 3476 Operation ID: {0,2238861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6EB.tmp Handle ID: 3476 Operation ID: {0,2238857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2238794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2238718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EA.tmp Handle ID: 3272 Operation ID: {0,2238658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E9.tmp Handle ID: 3272 Operation ID: {0,2238653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EA.tmp Handle ID: 3272 Operation ID: {0,2238648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EA.tmp Handle ID: 2700 Operation ID: {0,2238635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E9.tmp Handle ID: 3272 Operation ID: {0,2238632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E9.tmp Handle ID: 3864 Operation ID: {0,2238631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E9.tmp Handle ID: 3864 Operation ID: {0,2238624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6EA.tmp Handle ID: 3864 Operation ID: {0,2238621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E9.tmp Handle ID: 3864 Operation ID: {0,2238617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2238584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2238548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2238509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E8.tmp Handle ID: 3184 Operation ID: {0,2238200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E7.tmp Handle ID: 3184 Operation ID: {0,2238195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E8.tmp Handle ID: 3184 Operation ID: {0,2238186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E8.tmp Handle ID: 2700 Operation ID: {0,2238173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E7.tmp Handle ID: 3184 Operation ID: {0,2238170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E7.tmp Handle ID: 3956 Operation ID: {0,2238169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E7.tmp Handle ID: 3956 Operation ID: {0,2238162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E8.tmp Handle ID: 3956 Operation ID: {0,2238159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E7.tmp Handle ID: 3956 Operation ID: {0,2238155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2238104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2238019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E6.tmp Handle ID: 3476 Operation ID: {0,2237333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E5.tmp Handle ID: 3476 Operation ID: {0,2237328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E6.tmp Handle ID: 3476 Operation ID: {0,2237323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E6.tmp Handle ID: 3184 Operation ID: {0,2237310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E5.tmp Handle ID: 3476 Operation ID: {0,2237305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E5.tmp Handle ID: 3116 Operation ID: {0,2237304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E5.tmp Handle ID: 3116 Operation ID: {0,2237297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E6.tmp Handle ID: 3116 Operation ID: {0,2237294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E5.tmp Handle ID: 3116 Operation ID: {0,2237241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2237112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2237024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:57 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:57 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2236985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,2236930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E4.tmp Handle ID: 3184 Operation ID: {0,2236901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E3.tmp Handle ID: 3184 Operation ID: {0,2236896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E4.tmp Handle ID: 3184 Operation ID: {0,2236889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E4.tmp Handle ID: 3956 Operation ID: {0,2236868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E3.tmp Handle ID: 3184 Operation ID: {0,2236865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E3.tmp Handle ID: 3044 Operation ID: {0,2236864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E3.tmp Handle ID: 3044 Operation ID: {0,2236856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E4.tmp Handle ID: 3044 Operation ID: {0,2236854} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E3.tmp Handle ID: 3044 Operation ID: {0,2236850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2236799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2236692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E2.tmp Handle ID: 3956 Operation ID: {0,2236648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E1.tmp Handle ID: 3956 Operation ID: {0,2236639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E2.tmp Handle ID: 3956 Operation ID: {0,2236630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E2.tmp Handle ID: 3044 Operation ID: {0,2236617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E1.tmp Handle ID: 3956 Operation ID: {0,2236614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E1.tmp Handle ID: 3804 Operation ID: {0,2236613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E1.tmp Handle ID: 3804 Operation ID: {0,2236604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E2.tmp Handle ID: 3804 Operation ID: {0,2236601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6E1.tmp Handle ID: 3804 Operation ID: {0,2236585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2236552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2236516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2236475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,2236408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E0.tmp Handle ID: 3044 Operation ID: {0,2236381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DF.tmp Handle ID: 3044 Operation ID: {0,2236374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E0.tmp Handle ID: 3044 Operation ID: {0,2236367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E0.tmp Handle ID: 1784 Operation ID: {0,2236342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DF.tmp Handle ID: 3044 Operation ID: {0,2236339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DF.tmp Handle ID: 2700 Operation ID: {0,2236338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DF.tmp Handle ID: 2700 Operation ID: {0,2236331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E0.tmp Handle ID: 2700 Operation ID: {0,2236328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DF.tmp Handle ID: 2700 Operation ID: {0,2236324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2236273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2236199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DE.tmp Handle ID: 3804 Operation ID: {0,2236129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DD.tmp Handle ID: 3804 Operation ID: {0,2236124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DE.tmp Handle ID: 3804 Operation ID: {0,2236119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DE.tmp Handle ID: 3044 Operation ID: {0,2236106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DD.tmp Handle ID: 3804 Operation ID: {0,2236101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DD.tmp Handle ID: 3476 Operation ID: {0,2236100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DD.tmp Handle ID: 3476 Operation ID: {0,2236093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DE.tmp Handle ID: 3476 Operation ID: {0,2236088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DD.tmp Handle ID: 3476 Operation ID: {0,2236084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2236049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2236009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2235968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2235899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DC.tmp Handle ID: 3044 Operation ID: {0,2235874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DB.tmp Handle ID: 3044 Operation ID: {0,2235867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DC.tmp Handle ID: 3044 Operation ID: {0,2235862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DC.tmp Handle ID: 2700 Operation ID: {0,2235849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DB.tmp Handle ID: 3044 Operation ID: {0,2235846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DB.tmp Handle ID: 3184 Operation ID: {0,2235845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DB.tmp Handle ID: 3184 Operation ID: {0,2235834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DC.tmp Handle ID: 3184 Operation ID: {0,2235829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6DB.tmp Handle ID: 3184 Operation ID: {0,2235825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2235772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2235673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DA.tmp Handle ID: 2700 Operation ID: {0,2235613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D9.tmp Handle ID: 2700 Operation ID: {0,2235608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DA.tmp Handle ID: 2700 Operation ID: {0,2235603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DA.tmp Handle ID: 3184 Operation ID: {0,2235586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D9.tmp Handle ID: 2700 Operation ID: {0,2235583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D9.tmp Handle ID: 3956 Operation ID: {0,2235582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D9.tmp Handle ID: 3956 Operation ID: {0,2235571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6DA.tmp Handle ID: 3956 Operation ID: {0,2235566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D9.tmp Handle ID: 3956 Operation ID: {0,2235550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2235515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,2235477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2235434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D8.tmp Handle ID: 3956 Operation ID: {0,2235362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D7.tmp Handle ID: 3956 Operation ID: {0,2235357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D8.tmp Handle ID: 3956 Operation ID: {0,2235352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D8.tmp Handle ID: 3116 Operation ID: {0,2235339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D7.tmp Handle ID: 3956 Operation ID: {0,2235336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D7.tmp Handle ID: 2700 Operation ID: {0,2235335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D7.tmp Handle ID: 2700 Operation ID: {0,2235322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D8.tmp Handle ID: 2700 Operation ID: {0,2235321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D7.tmp Handle ID: 2700 Operation ID: {0,2235315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2235262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2235173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D6.tmp Handle ID: 1620 Operation ID: {0,2235028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D5.tmp Handle ID: 1620 Operation ID: {0,2235023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D6.tmp Handle ID: 1620 Operation ID: {0,2235020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D6.tmp Handle ID: 2700 Operation ID: {0,2235007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D5.tmp Handle ID: 1620 Operation ID: {0,2235004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D5.tmp Handle ID: 3184 Operation ID: {0,2235003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D5.tmp Handle ID: 3184 Operation ID: {0,2234990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D6.tmp Handle ID: 3184 Operation ID: {0,2234989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D5.tmp Handle ID: 3184 Operation ID: {0,2234983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2234948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2234910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2234857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D4.tmp Handle ID: 3272 Operation ID: {0,2234227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D3.tmp Handle ID: 3272 Operation ID: {0,2234222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D4.tmp Handle ID: 3272 Operation ID: {0,2234217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D4.tmp Handle ID: 2700 Operation ID: {0,2234192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D3.tmp Handle ID: 3272 Operation ID: {0,2234189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D3.tmp Handle ID: 3248 Operation ID: {0,2234188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D3.tmp Handle ID: 3248 Operation ID: {0,2234175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D4.tmp Handle ID: 3248 Operation ID: {0,2234172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D3.tmp Handle ID: 3248 Operation ID: {0,2234168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,2234115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,2234028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D2.tmp Handle ID: 3116 Operation ID: {0,2233986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D1.tmp Handle ID: 3116 Operation ID: {0,2233985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D2.tmp Handle ID: 3116 Operation ID: {0,2233984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D2.tmp Handle ID: 3272 Operation ID: {0,2233983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D1.tmp Handle ID: 3116 Operation ID: {0,2233982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D1.tmp Handle ID: 1784 Operation ID: {0,2233981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D1.tmp Handle ID: 1784 Operation ID: {0,2233972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D2.tmp Handle ID: 1784 Operation ID: {0,2233967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D1.tmp Handle ID: 1784 Operation ID: {0,2233963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3272 Operation ID: {0,2233934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3272 Operation ID: {0,2233902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,2233863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3044 Operation ID: {0,2233796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D0.tmp Handle ID: 1784 Operation ID: {0,2233753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CF.tmp Handle ID: 1784 Operation ID: {0,2233748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D0.tmp Handle ID: 1784 Operation ID: {0,2233743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D0.tmp Handle ID: 3044 Operation ID: {0,2233726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CF.tmp Handle ID: 1784 Operation ID: {0,2233725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CF.tmp Handle ID: 3216 Operation ID: {0,2233724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CF.tmp Handle ID: 3216 Operation ID: {0,2233711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6D0.tmp Handle ID: 3216 Operation ID: {0,2233708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CF.tmp Handle ID: 3216 Operation ID: {0,2233704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3928 Operation ID: {0,2233639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3928 Operation ID: {0,2233548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CE.tmp Handle ID: 3044 Operation ID: {0,2233502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CD.tmp Handle ID: 3044 Operation ID: {0,2233497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CE.tmp Handle ID: 3044 Operation ID: {0,2233494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CE.tmp Handle ID: 3216 Operation ID: {0,2233479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CD.tmp Handle ID: 3044 Operation ID: {0,2233476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CD.tmp Handle ID: 3068 Operation ID: {0,2233475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CD.tmp Handle ID: 3068 Operation ID: {0,2233462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CE.tmp Handle ID: 3068 Operation ID: {0,2233459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CD.tmp Handle ID: 3068 Operation ID: {0,2233455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3216 Operation ID: {0,2233420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3216 Operation ID: {0,2233382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,2233339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,2233252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CC.tmp Handle ID: 2700 Operation ID: {0,2233231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CB.tmp Handle ID: 2700 Operation ID: {0,2233226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CC.tmp Handle ID: 2700 Operation ID: {0,2233221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CC.tmp Handle ID: 3248 Operation ID: {0,2233208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CB.tmp Handle ID: 2700 Operation ID: {0,2233205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CB.tmp Handle ID: 3116 Operation ID: {0,2233204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CB.tmp Handle ID: 3116 Operation ID: {0,2233191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CC.tmp Handle ID: 3116 Operation ID: {0,2233190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6CB.tmp Handle ID: 3116 Operation ID: {0,2233184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,2233133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,2233058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CA.tmp Handle ID: 3216 Operation ID: {0,2233010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C9.tmp Handle ID: 3216 Operation ID: {0,2233007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CA.tmp Handle ID: 3216 Operation ID: {0,2233004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3216 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3216 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CA.tmp Handle ID: 2700 Operation ID: {0,2232989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C9.tmp Handle ID: 3216 Operation ID: {0,2232986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C9.tmp Handle ID: 3476 Operation ID: {0,2232985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C9.tmp Handle ID: 3476 Operation ID: {0,2232974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6CA.tmp Handle ID: 3476 Operation ID: {0,2232969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C9.tmp Handle ID: 3476 Operation ID: {0,2232965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2232930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,2232892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,2232849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,2232747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C8.tmp Handle ID: 3476 Operation ID: {0,2232716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C7.tmp Handle ID: 3476 Operation ID: {0,2232711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C8.tmp Handle ID: 3476 Operation ID: {0,2232706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C8.tmp Handle ID: 3956 Operation ID: {0,2232691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C7.tmp Handle ID: 3476 Operation ID: {0,2232688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C7.tmp Handle ID: 3068 Operation ID: {0,2232687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C7.tmp Handle ID: 3068 Operation ID: {0,2232674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C8.tmp Handle ID: 3068 Operation ID: {0,2232671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C7.tmp Handle ID: 3068 Operation ID: {0,2232667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,2232614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,2232546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C6.tmp Handle ID: 3956 Operation ID: {0,2232502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C5.tmp Handle ID: 3956 Operation ID: {0,2232497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C6.tmp Handle ID: 3956 Operation ID: {0,2232492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C6.tmp Handle ID: 3068 Operation ID: {0,2232479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C5.tmp Handle ID: 3956 Operation ID: {0,2232476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C5.tmp Handle ID: 3272 Operation ID: {0,2232475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C5.tmp Handle ID: 3272 Operation ID: {0,2232462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C6.tmp Handle ID: 3272 Operation ID: {0,2232461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C5.tmp Handle ID: 3272 Operation ID: {0,2232455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2232420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2232367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1572 Operation ID: {0,2232324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C4.tmp Handle ID: 3272 Operation ID: {0,2232212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C3.tmp Handle ID: 3272 Operation ID: {0,2232211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C4.tmp Handle ID: 3272 Operation ID: {0,2232210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C4.tmp Handle ID: 3068 Operation ID: {0,2232185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C3.tmp Handle ID: 3272 Operation ID: {0,2232184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C3.tmp Handle ID: 3956 Operation ID: {0,2232180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C3.tmp Handle ID: 3956 Operation ID: {0,2232170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C4.tmp Handle ID: 3956 Operation ID: {0,2232167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C3.tmp Handle ID: 3956 Operation ID: {0,2232163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3852 Operation ID: {0,2232110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,2232035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C2.tmp Handle ID: 3112 Operation ID: {0,2231957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C1.tmp Handle ID: 3112 Operation ID: {0,2231946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C2.tmp Handle ID: 3112 Operation ID: {0,2231941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C2.tmp Handle ID: 3068 Operation ID: {0,2231922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C1.tmp Handle ID: 3112 Operation ID: {0,2231919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C1.tmp Handle ID: 3784 Operation ID: {0,2231918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C1.tmp Handle ID: 3784 Operation ID: {0,2231909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C2.tmp Handle ID: 3784 Operation ID: {0,2231902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6C1.tmp Handle ID: 3784 Operation ID: {0,2231898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2231863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2231825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,2231784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:48 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:54:48 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:54:48 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,2226857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:54:41 AM Security Success Audit Logon/Logoff 538 NT AUTHORITY\ANONYMOUS LOGON AERODB "User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x21EEBA) Logon Type: 3 " 4/17/2020 11:54:41 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x21EEBA) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: AEROADMIN Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.12 Source Port: 0 " 4/17/2020 11:54:41 AM Security Success Audit Logon/Logoff 538 NT AUTHORITY\ANONYMOUS LOGON AERODB "User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x21EE62) Logon Type: 3 " 4/17/2020 11:54:41 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x21EE62) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: AEROADMIN Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.12 Source Port: 0 " 4/17/2020 11:54:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:54:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\df4f07500166.$$$ Handle ID: 764 Operation ID: {0,2223259} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x13019F " 4/17/2020 11:54:39 AM Security Success Audit Object Access 563 NT AUTHORITY\SYSTEM AERODB "Object Open for Delete: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\df4f07500166.$$$ Handle ID: - Operation ID: {0,2223259} Process ID: 128 Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: SeRestorePrivilege Access Mask: 0x13019F " 4/17/2020 11:53:30 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 804 Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:53:30 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 804 Operation ID: {0,1818583} Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Set key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x2 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 284 Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:53:30 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 284 Object Type: Key Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 284 Operation ID: {0,1817037} Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:53:30 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,1816449} Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:53:30 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,1816374} Process ID: 5092 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 4940 Image File Name: C:\WINDOWS\system32\eventvwr.exe " 4/17/2020 11:53:30 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 4940 Image File Name: C:\WINDOWS\system32\eventvwr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:30 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1816204} Process ID: 4940 Image File Name: C:\WINDOWS\system32\eventvwr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:17 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:17 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:17 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 2044 Operation ID: {0,1791079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:53:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 628 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:53:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 660 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:53:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\New Text Document.txt Handle ID: 660 Operation ID: {0,1776180} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100081 " 4/17/2020 11:53:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 628 Object Type: File Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 628 Operation ID: {0,1776179} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:53:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 628 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:53:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 660 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:53:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 660 Operation ID: {0,1774502} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100081 " 4/17/2020 11:53:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 628 Object Type: File Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 628 Operation ID: {0,1774499} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:53:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 628 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:53:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 628 Object Type: File Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 628 Operation ID: {0,1774475} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C0.tmp Handle ID: 3916 Operation ID: {0,1772685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BF.tmp Handle ID: 3916 Operation ID: {0,1772680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C0.tmp Handle ID: 3916 Operation ID: {0,1772675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C0.tmp Handle ID: 4024 Operation ID: {0,1772662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BF.tmp Handle ID: 3916 Operation ID: {0,1772659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BF.tmp Handle ID: 3148 Operation ID: {0,1772658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BF.tmp Handle ID: 3148 Operation ID: {0,1772649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C0.tmp Handle ID: 3148 Operation ID: {0,1772648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BF.tmp Handle ID: 3148 Operation ID: {0,1772644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1772593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1772524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BE.tmp Handle ID: 3148 Operation ID: {0,1772489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BD.tmp Handle ID: 3148 Operation ID: {0,1772484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BE.tmp Handle ID: 3148 Operation ID: {0,1772479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BE.tmp Handle ID: 3916 Operation ID: {0,1772464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BD.tmp Handle ID: 3148 Operation ID: {0,1772461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BD.tmp Handle ID: 3784 Operation ID: {0,1772460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BD.tmp Handle ID: 3784 Operation ID: {0,1772448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BE.tmp Handle ID: 3784 Operation ID: {0,1772445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BD.tmp Handle ID: 3784 Operation ID: {0,1772441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1772408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1772372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1772331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3852 Operation ID: {0,1772284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BC.tmp Handle ID: 3784 Operation ID: {0,1772259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BB.tmp Handle ID: 3784 Operation ID: {0,1772252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BC.tmp Handle ID: 3784 Operation ID: {0,1772247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BC.tmp Handle ID: 3852 Operation ID: {0,1772234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BB.tmp Handle ID: 3784 Operation ID: {0,1772231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BB.tmp Handle ID: 2700 Operation ID: {0,1772230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BB.tmp Handle ID: 2700 Operation ID: {0,1772223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BC.tmp Handle ID: 2700 Operation ID: {0,1772220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6BB.tmp Handle ID: 2700 Operation ID: {0,1772216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1772164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1772078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BA.tmp Handle ID: 3852 Operation ID: {0,1772039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B9.tmp Handle ID: 3852 Operation ID: {0,1772030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BA.tmp Handle ID: 3852 Operation ID: {0,1772027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BA.tmp Handle ID: 2700 Operation ID: {0,1772014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B9.tmp Handle ID: 3852 Operation ID: {0,1772009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B9.tmp Handle ID: 3248 Operation ID: {0,1772008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B9.tmp Handle ID: 3248 Operation ID: {0,1772001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6BA.tmp Handle ID: 3248 Operation ID: {0,1771998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B9.tmp Handle ID: 3248 Operation ID: {0,1771994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1771960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1771924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1771883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1771833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B8.tmp Handle ID: 3248 Operation ID: {0,1771805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B7.tmp Handle ID: 3248 Operation ID: {0,1771800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B8.tmp Handle ID: 3248 Operation ID: {0,1771795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B8.tmp Handle ID: 3180 Operation ID: {0,1771782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B7.tmp Handle ID: 3248 Operation ID: {0,1771779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B7.tmp Handle ID: 4024 Operation ID: {0,1771778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B7.tmp Handle ID: 4024 Operation ID: {0,1771771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B8.tmp Handle ID: 4024 Operation ID: {0,1771768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B7.tmp Handle ID: 4024 Operation ID: {0,1771764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1771707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1771630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B6.tmp Handle ID: 3852 Operation ID: {0,1771591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B5.tmp Handle ID: 3852 Operation ID: {0,1771586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B6.tmp Handle ID: 3852 Operation ID: {0,1771581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B6.tmp Handle ID: 3248 Operation ID: {0,1771568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B5.tmp Handle ID: 3852 Operation ID: {0,1771565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B5.tmp Handle ID: 3916 Operation ID: {0,1771564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B5.tmp Handle ID: 3916 Operation ID: {0,1771557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B6.tmp Handle ID: 3916 Operation ID: {0,1771554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B5.tmp Handle ID: 3916 Operation ID: {0,1771550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1771517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1771481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1771440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1771388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B4.tmp Handle ID: 3916 Operation ID: {0,1771363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B3.tmp Handle ID: 3916 Operation ID: {0,1771358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B4.tmp Handle ID: 3916 Operation ID: {0,1771353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B4.tmp Handle ID: 4024 Operation ID: {0,1771340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B3.tmp Handle ID: 3916 Operation ID: {0,1771335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B3.tmp Handle ID: 3784 Operation ID: {0,1771334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B3.tmp Handle ID: 3784 Operation ID: {0,1771327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B4.tmp Handle ID: 3784 Operation ID: {0,1771324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B3.tmp Handle ID: 3784 Operation ID: {0,1771320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,1771269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1771205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B2.tmp Handle ID: 3784 Operation ID: {0,1771171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B1.tmp Handle ID: 3784 Operation ID: {0,1771166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B2.tmp Handle ID: 3784 Operation ID: {0,1771161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B2.tmp Handle ID: 3916 Operation ID: {0,1771146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B1.tmp Handle ID: 3784 Operation ID: {0,1771143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B1.tmp Handle ID: 3180 Operation ID: {0,1771142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B1.tmp Handle ID: 3180 Operation ID: {0,1771135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B2.tmp Handle ID: 3180 Operation ID: {0,1771132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B1.tmp Handle ID: 3180 Operation ID: {0,1771128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1771095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1771059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1771018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B0.tmp Handle ID: 3180 Operation ID: {0,1770986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AF.tmp Handle ID: 3180 Operation ID: {0,1770981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B0.tmp Handle ID: 3180 Operation ID: {0,1770976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B0.tmp Handle ID: 3852 Operation ID: {0,1770963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AF.tmp Handle ID: 3180 Operation ID: {0,1770958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AF.tmp Handle ID: 4064 Operation ID: {0,1770957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AF.tmp Handle ID: 4064 Operation ID: {0,1770950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6B0.tmp Handle ID: 4064 Operation ID: {0,1770947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AF.tmp Handle ID: 4064 Operation ID: {0,1770943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1770892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1770831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AE.tmp Handle ID: 3148 Operation ID: {0,1770797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AD.tmp Handle ID: 3148 Operation ID: {0,1770790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AE.tmp Handle ID: 3148 Operation ID: {0,1770787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AE.tmp Handle ID: 3180 Operation ID: {0,1770774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AD.tmp Handle ID: 3148 Operation ID: {0,1770769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AD.tmp Handle ID: 4064 Operation ID: {0,1770768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AD.tmp Handle ID: 4064 Operation ID: {0,1770761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AE.tmp Handle ID: 4064 Operation ID: {0,1770758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AD.tmp Handle ID: 4064 Operation ID: {0,1770754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1770721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1770687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1770648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AC.tmp Handle ID: 3068 Operation ID: {0,1770495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AB.tmp Handle ID: 3068 Operation ID: {0,1770490} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AC.tmp Handle ID: 3068 Operation ID: {0,1770483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AC.tmp Handle ID: 3784 Operation ID: {0,1770470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AB.tmp Handle ID: 3068 Operation ID: {0,1770465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AB.tmp Handle ID: 3852 Operation ID: {0,1770464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AB.tmp Handle ID: 3852 Operation ID: {0,1770457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AC.tmp Handle ID: 3852 Operation ID: {0,1770454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6AB.tmp Handle ID: 3852 Operation ID: {0,1770450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1770399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1770338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AA.tmp Handle ID: 3784 Operation ID: {0,1770304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A9.tmp Handle ID: 3784 Operation ID: {0,1770299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AA.tmp Handle ID: 3784 Operation ID: {0,1770294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AA.tmp Handle ID: 3852 Operation ID: {0,1770281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A9.tmp Handle ID: 3784 Operation ID: {0,1770276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A9.tmp Handle ID: 3248 Operation ID: {0,1770275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A9.tmp Handle ID: 3248 Operation ID: {0,1770268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6AA.tmp Handle ID: 3248 Operation ID: {0,1770265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A9.tmp Handle ID: 3248 Operation ID: {0,1770259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3852 Operation ID: {0,1770230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3852 Operation ID: {0,1770194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1770153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1770110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A8.tmp Handle ID: 3852 Operation ID: {0,1770085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A7.tmp Handle ID: 3852 Operation ID: {0,1770078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A8.tmp Handle ID: 3852 Operation ID: {0,1770075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A8.tmp Handle ID: 3916 Operation ID: {0,1770062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A7.tmp Handle ID: 3852 Operation ID: {0,1770057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A7.tmp Handle ID: 4024 Operation ID: {0,1770056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A7.tmp Handle ID: 4024 Operation ID: {0,1770049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A8.tmp Handle ID: 4024 Operation ID: {0,1770046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A7.tmp Handle ID: 4024 Operation ID: {0,1770041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A6.tmp Handle ID: 3248 Operation ID: {0,1769895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A5.tmp Handle ID: 3248 Operation ID: {0,1769890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A6.tmp Handle ID: 3248 Operation ID: {0,1769885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A6.tmp Handle ID: 3852 Operation ID: {0,1769872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A5.tmp Handle ID: 3248 Operation ID: {0,1769867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A5.tmp Handle ID: 4064 Operation ID: {0,1769866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A5.tmp Handle ID: 4064 Operation ID: {0,1769859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A6.tmp Handle ID: 4064 Operation ID: {0,1769856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A5.tmp Handle ID: 4064 Operation ID: {0,1769852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3852 Operation ID: {0,1769819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3852 Operation ID: {0,1769783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1769699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A4.tmp Handle ID: 4064 Operation ID: {0,1769674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A3.tmp Handle ID: 4064 Operation ID: {0,1769669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A4.tmp Handle ID: 4064 Operation ID: {0,1769662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A4.tmp Handle ID: 4024 Operation ID: {0,1769647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A3.tmp Handle ID: 4064 Operation ID: {0,1769644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A3.tmp Handle ID: 3068 Operation ID: {0,1769643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A3.tmp Handle ID: 3068 Operation ID: {0,1769636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A4.tmp Handle ID: 3068 Operation ID: {0,1769633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A3.tmp Handle ID: 3068 Operation ID: {0,1769629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A2.tmp Handle ID: 4024 Operation ID: {0,1769485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A1.tmp Handle ID: 4024 Operation ID: {0,1769480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A2.tmp Handle ID: 4024 Operation ID: {0,1769475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A2.tmp Handle ID: 3068 Operation ID: {0,1769462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A1.tmp Handle ID: 4024 Operation ID: {0,1769457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A1.tmp Handle ID: 3784 Operation ID: {0,1769456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A1.tmp Handle ID: 3784 Operation ID: {0,1769449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A2.tmp Handle ID: 3784 Operation ID: {0,1769446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6A1.tmp Handle ID: 3784 Operation ID: {0,1769442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,1769409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,1769373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1769288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A0.tmp Handle ID: 3784 Operation ID: {0,1769263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69F.tmp Handle ID: 3784 Operation ID: {0,1769258} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A0.tmp Handle ID: 3784 Operation ID: {0,1769253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A0.tmp Handle ID: 2700 Operation ID: {0,1769240} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69F.tmp Handle ID: 3784 Operation ID: {0,1769235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69F.tmp Handle ID: 3916 Operation ID: {0,1769234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69F.tmp Handle ID: 3916 Operation ID: {0,1769227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A0.tmp Handle ID: 3916 Operation ID: {0,1769224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69F.tmp Handle ID: 3916 Operation ID: {0,1769220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1769108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69E.tmp Handle ID: 4024 Operation ID: {0,1769072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69D.tmp Handle ID: 4024 Operation ID: {0,1769067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69E.tmp Handle ID: 4024 Operation ID: {0,1769062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69E.tmp Handle ID: 3784 Operation ID: {0,1769049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69D.tmp Handle ID: 4024 Operation ID: {0,1769044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69D.tmp Handle ID: 3852 Operation ID: {0,1769043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69D.tmp Handle ID: 3852 Operation ID: {0,1769036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69E.tmp Handle ID: 3852 Operation ID: {0,1769033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69D.tmp Handle ID: 3852 Operation ID: {0,1769029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1768996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1768960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1768919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69C.tmp Handle ID: 3852 Operation ID: {0,1768887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69B.tmp Handle ID: 3852 Operation ID: {0,1768882} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69C.tmp Handle ID: 3852 Operation ID: {0,1768877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3852 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3852 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69C.tmp Handle ID: 3916 Operation ID: {0,1768864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69B.tmp Handle ID: 3852 Operation ID: {0,1768861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69B.tmp Handle ID: 4064 Operation ID: {0,1768860} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69B.tmp Handle ID: 4064 Operation ID: {0,1768853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69C.tmp Handle ID: 4064 Operation ID: {0,1768850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69B.tmp Handle ID: 4064 Operation ID: {0,1768846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1768795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1768730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69A.tmp Handle ID: 3916 Operation ID: {0,1768690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab699.tmp Handle ID: 3916 Operation ID: {0,1768683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69A.tmp Handle ID: 3916 Operation ID: {0,1768678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69A.tmp Handle ID: 3068 Operation ID: {0,1768665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab699.tmp Handle ID: 3916 Operation ID: {0,1768660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab699.tmp Handle ID: 4064 Operation ID: {0,1768659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab699.tmp Handle ID: 4064 Operation ID: {0,1768652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar69A.tmp Handle ID: 4064 Operation ID: {0,1768649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab699.tmp Handle ID: 4064 Operation ID: {0,1768645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,1768612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,1768578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,1768539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar698.tmp Handle ID: 3956 Operation ID: {0,1768421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab697.tmp Handle ID: 3956 Operation ID: {0,1768416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar698.tmp Handle ID: 3956 Operation ID: {0,1768411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar698.tmp Handle ID: 3068 Operation ID: {0,1768398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab697.tmp Handle ID: 3956 Operation ID: {0,1768393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab697.tmp Handle ID: 4064 Operation ID: {0,1768392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab697.tmp Handle ID: 4064 Operation ID: {0,1768385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar698.tmp Handle ID: 4064 Operation ID: {0,1768382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab697.tmp Handle ID: 4064 Operation ID: {0,1768378} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1768327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1768249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar696.tmp Handle ID: 3068 Operation ID: {0,1768213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab695.tmp Handle ID: 3068 Operation ID: {0,1768208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar696.tmp Handle ID: 3068 Operation ID: {0,1768203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar696.tmp Handle ID: 4064 Operation ID: {0,1768188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab695.tmp Handle ID: 3068 Operation ID: {0,1768185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab695.tmp Handle ID: 3180 Operation ID: {0,1768184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab695.tmp Handle ID: 3180 Operation ID: {0,1768177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar696.tmp Handle ID: 3180 Operation ID: {0,1768174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab695.tmp Handle ID: 3180 Operation ID: {0,1768170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1768135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1768099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1768051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1767960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar694.tmp Handle ID: 3148 Operation ID: {0,1767906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab693.tmp Handle ID: 3148 Operation ID: {0,1767895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar694.tmp Handle ID: 3148 Operation ID: {0,1767890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar694.tmp Handle ID: 1572 Operation ID: {0,1767877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab693.tmp Handle ID: 3148 Operation ID: {0,1767872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab693.tmp Handle ID: 4064 Operation ID: {0,1767871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab693.tmp Handle ID: 4064 Operation ID: {0,1767864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar694.tmp Handle ID: 4064 Operation ID: {0,1767861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab693.tmp Handle ID: 4064 Operation ID: {0,1767857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1767804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1767736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar692.tmp Handle ID: 3248 Operation ID: {0,1767699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab691.tmp Handle ID: 3248 Operation ID: {0,1767692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar692.tmp Handle ID: 3248 Operation ID: {0,1767687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar692.tmp Handle ID: 3148 Operation ID: {0,1767674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab691.tmp Handle ID: 3248 Operation ID: {0,1767671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab691.tmp Handle ID: 3956 Operation ID: {0,1767670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab691.tmp Handle ID: 3956 Operation ID: {0,1767663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar692.tmp Handle ID: 3956 Operation ID: {0,1767660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab691.tmp Handle ID: 3956 Operation ID: {0,1767656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3148 Operation ID: {0,1767623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3148 Operation ID: {0,1767587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1767546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1767502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar690.tmp Handle ID: 3956 Operation ID: {0,1767477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68F.tmp Handle ID: 3956 Operation ID: {0,1767472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar690.tmp Handle ID: 3956 Operation ID: {0,1767467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar690.tmp Handle ID: 4064 Operation ID: {0,1767456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68F.tmp Handle ID: 3956 Operation ID: {0,1767451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68F.tmp Handle ID: 4024 Operation ID: {0,1767450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68F.tmp Handle ID: 4024 Operation ID: {0,1767443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar690.tmp Handle ID: 4024 Operation ID: {0,1767440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68F.tmp Handle ID: 4024 Operation ID: {0,1767436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1767385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1767308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68E.tmp Handle ID: 4064 Operation ID: {0,1767271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68D.tmp Handle ID: 4064 Operation ID: {0,1767266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68E.tmp Handle ID: 4064 Operation ID: {0,1767261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68E.tmp Handle ID: 4024 Operation ID: {0,1767248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68D.tmp Handle ID: 4064 Operation ID: {0,1767243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68D.tmp Handle ID: 3068 Operation ID: {0,1767242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68D.tmp Handle ID: 3068 Operation ID: {0,1767235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68E.tmp Handle ID: 3068 Operation ID: {0,1767232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68D.tmp Handle ID: 3068 Operation ID: {0,1767228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1767195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1767159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1767118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1767044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68C.tmp Handle ID: 1572 Operation ID: {0,1767017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68B.tmp Handle ID: 1572 Operation ID: {0,1767012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68C.tmp Handle ID: 1572 Operation ID: {0,1767007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68C.tmp Handle ID: 2044 Operation ID: {0,1766991} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68B.tmp Handle ID: 1572 Operation ID: {0,1766986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68B.tmp Handle ID: 3744 Operation ID: {0,1766985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68B.tmp Handle ID: 3744 Operation ID: {0,1766978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68C.tmp Handle ID: 3744 Operation ID: {0,1766975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab68B.tmp Handle ID: 3744 Operation ID: {0,1766971} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1766920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1766859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68A.tmp Handle ID: 2044 Operation ID: {0,1766823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab689.tmp Handle ID: 2044 Operation ID: {0,1766818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68A.tmp Handle ID: 2044 Operation ID: {0,1766813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68A.tmp Handle ID: 3744 Operation ID: {0,1766800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab689.tmp Handle ID: 2044 Operation ID: {0,1766795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab689.tmp Handle ID: 3148 Operation ID: {0,1766794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab689.tmp Handle ID: 3148 Operation ID: {0,1766787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68A.tmp Handle ID: 3148 Operation ID: {0,1766784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab689.tmp Handle ID: 3148 Operation ID: {0,1766776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1766747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1766711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1766670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar688.tmp Handle ID: 3744 Operation ID: {0,1766638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab687.tmp Handle ID: 3744 Operation ID: {0,1766633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar688.tmp Handle ID: 3744 Operation ID: {0,1766628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar688.tmp Handle ID: 3192 Operation ID: {0,1766615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab687.tmp Handle ID: 3744 Operation ID: {0,1766610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab687.tmp Handle ID: 3956 Operation ID: {0,1766609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab687.tmp Handle ID: 3956 Operation ID: {0,1766602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar688.tmp Handle ID: 3956 Operation ID: {0,1766599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab687.tmp Handle ID: 3956 Operation ID: {0,1766595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1766544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1766291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar686.tmp Handle ID: 3476 Operation ID: {0,1766259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab685.tmp Handle ID: 3476 Operation ID: {0,1766254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar686.tmp Handle ID: 3476 Operation ID: {0,1766249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar686.tmp Handle ID: 3148 Operation ID: {0,1766236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab685.tmp Handle ID: 3476 Operation ID: {0,1766231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab685.tmp Handle ID: 3140 Operation ID: {0,1766230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab685.tmp Handle ID: 3140 Operation ID: {0,1766223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar686.tmp Handle ID: 3140 Operation ID: {0,1766218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab685.tmp Handle ID: 3140 Operation ID: {0,1766214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3148 Operation ID: {0,1766181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3148 Operation ID: {0,1766147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3148 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3148 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3148 Operation ID: {0,1766110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 628 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 628 Object Type: File Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 628 Operation ID: {0,1766086} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar684.tmp Handle ID: 3744 Operation ID: {0,1764354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab683.tmp Handle ID: 3744 Operation ID: {0,1764347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar684.tmp Handle ID: 3744 Operation ID: {0,1764340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar684.tmp Handle ID: 3956 Operation ID: {0,1764327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab683.tmp Handle ID: 3744 Operation ID: {0,1764324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab683.tmp Handle ID: 1572 Operation ID: {0,1764323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab683.tmp Handle ID: 1572 Operation ID: {0,1764316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar684.tmp Handle ID: 1572 Operation ID: {0,1764313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab683.tmp Handle ID: 1572 Operation ID: {0,1764309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1764187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1764100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar682.tmp Handle ID: 2044 Operation ID: {0,1764066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab681.tmp Handle ID: 2044 Operation ID: {0,1764059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar682.tmp Handle ID: 2044 Operation ID: {0,1764054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar682.tmp Handle ID: 1572 Operation ID: {0,1764039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab681.tmp Handle ID: 2044 Operation ID: {0,1764036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab681.tmp Handle ID: 3192 Operation ID: {0,1764035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab681.tmp Handle ID: 3192 Operation ID: {0,1764026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar682.tmp Handle ID: 3192 Operation ID: {0,1764023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab681.tmp Handle ID: 3192 Operation ID: {0,1764019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1572 Operation ID: {0,1763986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1572 Operation ID: {0,1763950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1763909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,1763828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar680.tmp Handle ID: 3192 Operation ID: {0,1763803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67F.tmp Handle ID: 3192 Operation ID: {0,1763796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar680.tmp Handle ID: 3192 Operation ID: {0,1763789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar680.tmp Handle ID: 3956 Operation ID: {0,1763774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67F.tmp Handle ID: 3192 Operation ID: {0,1763771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67F.tmp Handle ID: 2044 Operation ID: {0,1763770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67F.tmp Handle ID: 2044 Operation ID: {0,1763759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar680.tmp Handle ID: 2044 Operation ID: {0,1763756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67F.tmp Handle ID: 2044 Operation ID: {0,1763752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1763700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1763608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67E.tmp Handle ID: 1572 Operation ID: {0,1763553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67D.tmp Handle ID: 1572 Operation ID: {0,1763548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67E.tmp Handle ID: 1572 Operation ID: {0,1763543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67E.tmp Handle ID: 3192 Operation ID: {0,1763530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67D.tmp Handle ID: 1572 Operation ID: {0,1763525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67D.tmp Handle ID: 2700 Operation ID: {0,1763524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67D.tmp Handle ID: 2700 Operation ID: {0,1763517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67E.tmp Handle ID: 2700 Operation ID: {0,1763514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67D.tmp Handle ID: 2700 Operation ID: {0,1763510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1763477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1763441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1763400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1763356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67C.tmp Handle ID: 3192 Operation ID: {0,1763331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67B.tmp Handle ID: 3192 Operation ID: {0,1763324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67C.tmp Handle ID: 3192 Operation ID: {0,1763319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67C.tmp Handle ID: 2044 Operation ID: {0,1763306} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67B.tmp Handle ID: 3192 Operation ID: {0,1763303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67B.tmp Handle ID: 3744 Operation ID: {0,1763302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67B.tmp Handle ID: 3744 Operation ID: {0,1763295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67C.tmp Handle ID: 3744 Operation ID: {0,1763292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67B.tmp Handle ID: 3744 Operation ID: {0,1763288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1763237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1763174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67A.tmp Handle ID: 2044 Operation ID: {0,1763135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab679.tmp Handle ID: 2044 Operation ID: {0,1763130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67A.tmp Handle ID: 2044 Operation ID: {0,1763125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67A.tmp Handle ID: 3744 Operation ID: {0,1763112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab679.tmp Handle ID: 2044 Operation ID: {0,1763109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab679.tmp Handle ID: 3248 Operation ID: {0,1763108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab679.tmp Handle ID: 3248 Operation ID: {0,1763101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar67A.tmp Handle ID: 3248 Operation ID: {0,1763098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab679.tmp Handle ID: 3248 Operation ID: {0,1763093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1763058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1763017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1762976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1762895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar678.tmp Handle ID: 3744 Operation ID: {0,1762868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab677.tmp Handle ID: 3744 Operation ID: {0,1762861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar678.tmp Handle ID: 3744 Operation ID: {0,1762854} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar678.tmp Handle ID: 4064 Operation ID: {0,1762841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab677.tmp Handle ID: 3744 Operation ID: {0,1762838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab677.tmp Handle ID: 3956 Operation ID: {0,1762837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab677.tmp Handle ID: 3956 Operation ID: {0,1762830} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar678.tmp Handle ID: 3956 Operation ID: {0,1762827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab677.tmp Handle ID: 3956 Operation ID: {0,1762823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1762772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1762652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar676.tmp Handle ID: 3248 Operation ID: {0,1762540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab675.tmp Handle ID: 3248 Operation ID: {0,1762533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar676.tmp Handle ID: 3248 Operation ID: {0,1762528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar676.tmp Handle ID: 3192 Operation ID: {0,1762512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab675.tmp Handle ID: 3248 Operation ID: {0,1762507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab675.tmp Handle ID: 3744 Operation ID: {0,1762506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab675.tmp Handle ID: 3744 Operation ID: {0,1762499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar676.tmp Handle ID: 3744 Operation ID: {0,1762496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab675.tmp Handle ID: 3744 Operation ID: {0,1762492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1762451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1762406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1762361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar674.tmp Handle ID: 3744 Operation ID: {0,1762290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab673.tmp Handle ID: 3744 Operation ID: {0,1762283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar674.tmp Handle ID: 3744 Operation ID: {0,1762280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar674.tmp Handle ID: 3956 Operation ID: {0,1762265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab673.tmp Handle ID: 3744 Operation ID: {0,1762262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab673.tmp Handle ID: 1572 Operation ID: {0,1762261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab673.tmp Handle ID: 1572 Operation ID: {0,1762252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar674.tmp Handle ID: 1572 Operation ID: {0,1762249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab673.tmp Handle ID: 1572 Operation ID: {0,1762245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1762191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1762095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar672.tmp Handle ID: 3956 Operation ID: {0,1762016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab671.tmp Handle ID: 3956 Operation ID: {0,1762009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar672.tmp Handle ID: 3956 Operation ID: {0,1762004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar672.tmp Handle ID: 1572 Operation ID: {0,1761982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab671.tmp Handle ID: 3956 Operation ID: {0,1761979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab671.tmp Handle ID: 2044 Operation ID: {0,1761978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab671.tmp Handle ID: 2044 Operation ID: {0,1761969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar672.tmp Handle ID: 2044 Operation ID: {0,1761965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab671.tmp Handle ID: 2044 Operation ID: {0,1761957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1572 Operation ID: {0,1761922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1572 Operation ID: {0,1761886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1572 Operation ID: {0,1761847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar670.tmp Handle ID: 4024 Operation ID: {0,1761446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66F.tmp Handle ID: 4024 Operation ID: {0,1761441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar670.tmp Handle ID: 4024 Operation ID: {0,1761436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar670.tmp Handle ID: 3248 Operation ID: {0,1761421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66F.tmp Handle ID: 4024 Operation ID: {0,1761418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66F.tmp Handle ID: 4080 Operation ID: {0,1761417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66F.tmp Handle ID: 4080 Operation ID: {0,1761410} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar670.tmp Handle ID: 4080 Operation ID: {0,1761407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66F.tmp Handle ID: 4080 Operation ID: {0,1761403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1761352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1761247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66E.tmp Handle ID: 3248 Operation ID: {0,1761212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66D.tmp Handle ID: 3248 Operation ID: {0,1761205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66E.tmp Handle ID: 3248 Operation ID: {0,1761202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66E.tmp Handle ID: 4024 Operation ID: {0,1761187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66D.tmp Handle ID: 3248 Operation ID: {0,1761184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66D.tmp Handle ID: 2700 Operation ID: {0,1761183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66D.tmp Handle ID: 2700 Operation ID: {0,1761175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66E.tmp Handle ID: 2700 Operation ID: {0,1761172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66D.tmp Handle ID: 2700 Operation ID: {0,1761168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1761134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1761098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1761056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1760995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66C.tmp Handle ID: 2700 Operation ID: {0,1760970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66B.tmp Handle ID: 2700 Operation ID: {0,1760965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66C.tmp Handle ID: 2700 Operation ID: {0,1760960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66C.tmp Handle ID: 4064 Operation ID: {0,1760947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66B.tmp Handle ID: 2700 Operation ID: {0,1760944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66B.tmp Handle ID: 4080 Operation ID: {0,1760943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66B.tmp Handle ID: 4080 Operation ID: {0,1760936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66C.tmp Handle ID: 4080 Operation ID: {0,1760933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab66B.tmp Handle ID: 4080 Operation ID: {0,1760929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1760878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1760788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66A.tmp Handle ID: 4064 Operation ID: {0,1760747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab669.tmp Handle ID: 4064 Operation ID: {0,1760740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66A.tmp Handle ID: 4064 Operation ID: {0,1760735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66A.tmp Handle ID: 4080 Operation ID: {0,1760722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab669.tmp Handle ID: 4064 Operation ID: {0,1760719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab669.tmp Handle ID: 1572 Operation ID: {0,1760718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab669.tmp Handle ID: 1572 Operation ID: {0,1760711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66A.tmp Handle ID: 1572 Operation ID: {0,1760708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab669.tmp Handle ID: 1572 Operation ID: {0,1760704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1760671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1760635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1760594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1760530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar668.tmp Handle ID: 4080 Operation ID: {0,1760505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab667.tmp Handle ID: 4080 Operation ID: {0,1760500} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar668.tmp Handle ID: 4080 Operation ID: {0,1760493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar668.tmp Handle ID: 3192 Operation ID: {0,1760480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab667.tmp Handle ID: 4080 Operation ID: {0,1760477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab667.tmp Handle ID: 2044 Operation ID: {0,1760476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab667.tmp Handle ID: 2044 Operation ID: {0,1760469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar668.tmp Handle ID: 2044 Operation ID: {0,1760466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab667.tmp Handle ID: 2044 Operation ID: {0,1760462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1760411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1760348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar666.tmp Handle ID: 1572 Operation ID: {0,1760292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab665.tmp Handle ID: 1572 Operation ID: {0,1760285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar666.tmp Handle ID: 1572 Operation ID: {0,1760278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar666.tmp Handle ID: 4080 Operation ID: {0,1760265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab665.tmp Handle ID: 1572 Operation ID: {0,1760262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab665.tmp Handle ID: 4024 Operation ID: {0,1760261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab665.tmp Handle ID: 4024 Operation ID: {0,1760254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar666.tmp Handle ID: 4024 Operation ID: {0,1760251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab665.tmp Handle ID: 4024 Operation ID: {0,1760247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1760212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1760176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1760132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1760088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar664.tmp Handle ID: 4080 Operation ID: {0,1760063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab663.tmp Handle ID: 4080 Operation ID: {0,1760056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar664.tmp Handle ID: 4080 Operation ID: {0,1760049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar664.tmp Handle ID: 2044 Operation ID: {0,1760040} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab663.tmp Handle ID: 4080 Operation ID: {0,1760035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab663.tmp Handle ID: 2700 Operation ID: {0,1760034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab663.tmp Handle ID: 2700 Operation ID: {0,1760027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar664.tmp Handle ID: 2700 Operation ID: {0,1760023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab663.tmp Handle ID: 2700 Operation ID: {0,1760018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1759965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1759899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar662.tmp Handle ID: 2044 Operation ID: {0,1759866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab661.tmp Handle ID: 2044 Operation ID: {0,1759859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar662.tmp Handle ID: 2044 Operation ID: {0,1759854} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar662.tmp Handle ID: 2700 Operation ID: {0,1759841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab661.tmp Handle ID: 2044 Operation ID: {0,1759838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab661.tmp Handle ID: 4064 Operation ID: {0,1759837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab661.tmp Handle ID: 4064 Operation ID: {0,1759828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar662.tmp Handle ID: 4064 Operation ID: {0,1759827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab661.tmp Handle ID: 4064 Operation ID: {0,1759823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1759790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1759746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1759704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar660.tmp Handle ID: 2700 Operation ID: {0,1759660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65F.tmp Handle ID: 2700 Operation ID: {0,1759653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar660.tmp Handle ID: 2700 Operation ID: {0,1759648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar660.tmp Handle ID: 3248 Operation ID: {0,1759635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65F.tmp Handle ID: 2700 Operation ID: {0,1759632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65F.tmp Handle ID: 3192 Operation ID: {0,1759631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65F.tmp Handle ID: 3192 Operation ID: {0,1759624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar660.tmp Handle ID: 3192 Operation ID: {0,1759621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65F.tmp Handle ID: 3192 Operation ID: {0,1759617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1759566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1759502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65E.tmp Handle ID: 4064 Operation ID: {0,1759466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65D.tmp Handle ID: 4064 Operation ID: {0,1759459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65E.tmp Handle ID: 4064 Operation ID: {0,1759452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65E.tmp Handle ID: 2700 Operation ID: {0,1759437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65D.tmp Handle ID: 4064 Operation ID: {0,1759434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65D.tmp Handle ID: 1572 Operation ID: {0,1759433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65D.tmp Handle ID: 1572 Operation ID: {0,1759426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65E.tmp Handle ID: 1572 Operation ID: {0,1759423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65D.tmp Handle ID: 1572 Operation ID: {0,1759419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1759386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1759350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1759311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65C.tmp Handle ID: 3744 Operation ID: {0,1759059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65B.tmp Handle ID: 3744 Operation ID: {0,1759054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65C.tmp Handle ID: 3744 Operation ID: {0,1759047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65C.tmp Handle ID: 2700 Operation ID: {0,1759034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65B.tmp Handle ID: 3744 Operation ID: {0,1759029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65B.tmp Handle ID: 3916 Operation ID: {0,1759028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65B.tmp Handle ID: 3916 Operation ID: {0,1759021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65C.tmp Handle ID: 3916 Operation ID: {0,1759018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65B.tmp Handle ID: 3916 Operation ID: {0,1759002} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1758945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1758842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65A.tmp Handle ID: 3192 Operation ID: {0,1758810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab659.tmp Handle ID: 3192 Operation ID: {0,1758805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65A.tmp Handle ID: 3192 Operation ID: {0,1758800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65A.tmp Handle ID: 3916 Operation ID: {0,1758787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab659.tmp Handle ID: 3192 Operation ID: {0,1758782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab659.tmp Handle ID: 4024 Operation ID: {0,1758781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab659.tmp Handle ID: 4024 Operation ID: {0,1758774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar65A.tmp Handle ID: 4024 Operation ID: {0,1758771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab659.tmp Handle ID: 4024 Operation ID: {0,1758767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1758734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3916 Operation ID: {0,1758698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1758657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1758606} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar658.tmp Handle ID: 3916 Operation ID: {0,1758581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab657.tmp Handle ID: 3916 Operation ID: {0,1758574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar658.tmp Handle ID: 3916 Operation ID: {0,1758569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar658.tmp Handle ID: 2700 Operation ID: {0,1758556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab657.tmp Handle ID: 3916 Operation ID: {0,1758553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab657.tmp Handle ID: 2044 Operation ID: {0,1758552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab657.tmp Handle ID: 2044 Operation ID: {0,1758544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar658.tmp Handle ID: 2044 Operation ID: {0,1758542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab657.tmp Handle ID: 2044 Operation ID: {0,1758538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3220 Operation ID: {0,1758410} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1758333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar656.tmp Handle ID: 3180 Operation ID: {0,1758301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab655.tmp Handle ID: 3180 Operation ID: {0,1758296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar656.tmp Handle ID: 3180 Operation ID: {0,1758291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar656.tmp Handle ID: 2044 Operation ID: {0,1758278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab655.tmp Handle ID: 3180 Operation ID: {0,1758273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab655.tmp Handle ID: 1772 Operation ID: {0,1758272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab655.tmp Handle ID: 1772 Operation ID: {0,1758265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar656.tmp Handle ID: 1772 Operation ID: {0,1758262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab655.tmp Handle ID: 1772 Operation ID: {0,1758258} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1758225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1758189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1758148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1758103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar654.tmp Handle ID: 1772 Operation ID: {0,1758078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab653.tmp Handle ID: 1772 Operation ID: {0,1758071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar654.tmp Handle ID: 1772 Operation ID: {0,1758066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar654.tmp Handle ID: 2700 Operation ID: {0,1758053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab653.tmp Handle ID: 1772 Operation ID: {0,1758050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab653.tmp Handle ID: 1716 Operation ID: {0,1758049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab653.tmp Handle ID: 1716 Operation ID: {0,1758042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar654.tmp Handle ID: 1716 Operation ID: {0,1758037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab653.tmp Handle ID: 1716 Operation ID: {0,1758033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar652.tmp Handle ID: 2700 Operation ID: {0,1757889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab651.tmp Handle ID: 2700 Operation ID: {0,1757884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar652.tmp Handle ID: 2700 Operation ID: {0,1757879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar652.tmp Handle ID: 1716 Operation ID: {0,1757866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab651.tmp Handle ID: 2700 Operation ID: {0,1757863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab651.tmp Handle ID: 3212 Operation ID: {0,1757862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab651.tmp Handle ID: 3212 Operation ID: {0,1757853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar652.tmp Handle ID: 3212 Operation ID: {0,1757852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab651.tmp Handle ID: 3212 Operation ID: {0,1757848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1757815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1757779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1757694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar650.tmp Handle ID: 1716 Operation ID: {0,1757669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64F.tmp Handle ID: 1716 Operation ID: {0,1757664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar650.tmp Handle ID: 1716 Operation ID: {0,1757661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar650.tmp Handle ID: 1620 Operation ID: {0,1757648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64F.tmp Handle ID: 1716 Operation ID: {0,1757643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64F.tmp Handle ID: 3916 Operation ID: {0,1757642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64F.tmp Handle ID: 3916 Operation ID: {0,1757635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar650.tmp Handle ID: 3916 Operation ID: {0,1757632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64F.tmp Handle ID: 3916 Operation ID: {0,1757628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64E.tmp Handle ID: 3212 Operation ID: {0,1757482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64D.tmp Handle ID: 3212 Operation ID: {0,1757475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64E.tmp Handle ID: 3212 Operation ID: {0,1757472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64E.tmp Handle ID: 1716 Operation ID: {0,1757459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64D.tmp Handle ID: 3212 Operation ID: {0,1757456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64D.tmp Handle ID: 2044 Operation ID: {0,1757455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64D.tmp Handle ID: 2044 Operation ID: {0,1757448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64E.tmp Handle ID: 2044 Operation ID: {0,1757445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64D.tmp Handle ID: 2044 Operation ID: {0,1757441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1757408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1757372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64C.tmp Handle ID: 2044 Operation ID: {0,1757299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64B.tmp Handle ID: 2044 Operation ID: {0,1757292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64C.tmp Handle ID: 2044 Operation ID: {0,1757287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64C.tmp Handle ID: 3916 Operation ID: {0,1757274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64B.tmp Handle ID: 2044 Operation ID: {0,1757269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64B.tmp Handle ID: 1772 Operation ID: {0,1757268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64B.tmp Handle ID: 1772 Operation ID: {0,1757259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64C.tmp Handle ID: 1772 Operation ID: {0,1757256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab64B.tmp Handle ID: 1772 Operation ID: {0,1757252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1757139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64A.tmp Handle ID: 3916 Operation ID: {0,1757099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab649.tmp Handle ID: 3916 Operation ID: {0,1757094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64A.tmp Handle ID: 3916 Operation ID: {0,1757089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3916 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3916 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64A.tmp Handle ID: 1772 Operation ID: {0,1757074} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab649.tmp Handle ID: 3916 Operation ID: {0,1757071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab649.tmp Handle ID: 2700 Operation ID: {0,1757070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab649.tmp Handle ID: 2700 Operation ID: {0,1757061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64A.tmp Handle ID: 2700 Operation ID: {0,1757056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab649.tmp Handle ID: 2700 Operation ID: {0,1757052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,1757017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,1756978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,1756937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar648.tmp Handle ID: 3476 Operation ID: {0,1749054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab647.tmp Handle ID: 3476 Operation ID: {0,1749049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar648.tmp Handle ID: 3476 Operation ID: {0,1749044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar648.tmp Handle ID: 1620 Operation ID: {0,1749031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab647.tmp Handle ID: 3476 Operation ID: {0,1749028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab647.tmp Handle ID: 2700 Operation ID: {0,1749027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab647.tmp Handle ID: 2700 Operation ID: {0,1749020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar648.tmp Handle ID: 2700 Operation ID: {0,1749017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab647.tmp Handle ID: 2700 Operation ID: {0,1749013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:53:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:53:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1748928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1748847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar646.tmp Handle ID: 3180 Operation ID: {0,1748799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab645.tmp Handle ID: 3180 Operation ID: {0,1748794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar646.tmp Handle ID: 3180 Operation ID: {0,1748785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar646.tmp Handle ID: 3476 Operation ID: {0,1748772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab645.tmp Handle ID: 3180 Operation ID: {0,1748769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab645.tmp Handle ID: 3928 Operation ID: {0,1748768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab645.tmp Handle ID: 3928 Operation ID: {0,1748761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar646.tmp Handle ID: 3928 Operation ID: {0,1748758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab645.tmp Handle ID: 3928 Operation ID: {0,1748751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,1748718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,1748682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1748641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1748596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar644.tmp Handle ID: 3928 Operation ID: {0,1748571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab643.tmp Handle ID: 3928 Operation ID: {0,1748564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar644.tmp Handle ID: 3928 Operation ID: {0,1748559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar644.tmp Handle ID: 2700 Operation ID: {0,1748546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab643.tmp Handle ID: 3928 Operation ID: {0,1748543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab643.tmp Handle ID: 4064 Operation ID: {0,1748542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab643.tmp Handle ID: 4064 Operation ID: {0,1748533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar644.tmp Handle ID: 4064 Operation ID: {0,1748532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab643.tmp Handle ID: 4064 Operation ID: {0,1748528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1748477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1748355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar642.tmp Handle ID: 2700 Operation ID: {0,1748290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab641.tmp Handle ID: 2700 Operation ID: {0,1748281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar642.tmp Handle ID: 2700 Operation ID: {0,1748274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar642.tmp Handle ID: 4064 Operation ID: {0,1748263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab641.tmp Handle ID: 2700 Operation ID: {0,1748258} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab641.tmp Handle ID: 3188 Operation ID: {0,1748257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab641.tmp Handle ID: 3188 Operation ID: {0,1748250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar642.tmp Handle ID: 3188 Operation ID: {0,1748247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab641.tmp Handle ID: 3188 Operation ID: {0,1748237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1748204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1748168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1748124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1748016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar640.tmp Handle ID: 4064 Operation ID: {0,1747991} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63F.tmp Handle ID: 4064 Operation ID: {0,1747986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar640.tmp Handle ID: 4064 Operation ID: {0,1747979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar640.tmp Handle ID: 2044 Operation ID: {0,1747966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63F.tmp Handle ID: 4064 Operation ID: {0,1747963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63F.tmp Handle ID: 1620 Operation ID: {0,1747962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63F.tmp Handle ID: 1620 Operation ID: {0,1747955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar640.tmp Handle ID: 1620 Operation ID: {0,1747952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63F.tmp Handle ID: 1620 Operation ID: {0,1747948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1747897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1747800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63E.tmp Handle ID: 3188 Operation ID: {0,1747746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63D.tmp Handle ID: 3188 Operation ID: {0,1747739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63E.tmp Handle ID: 3188 Operation ID: {0,1747734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63E.tmp Handle ID: 4064 Operation ID: {0,1747721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63D.tmp Handle ID: 3188 Operation ID: {0,1747716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63D.tmp Handle ID: 3476 Operation ID: {0,1747715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63D.tmp Handle ID: 3476 Operation ID: {0,1747708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63E.tmp Handle ID: 3476 Operation ID: {0,1747703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63D.tmp Handle ID: 3476 Operation ID: {0,1747699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1747666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1747630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1747589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1747533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63C.tmp Handle ID: 3476 Operation ID: {0,1747503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63B.tmp Handle ID: 3476 Operation ID: {0,1747496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63C.tmp Handle ID: 3476 Operation ID: {0,1747489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63C.tmp Handle ID: 1620 Operation ID: {0,1747469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63B.tmp Handle ID: 3476 Operation ID: {0,1747466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63B.tmp Handle ID: 3928 Operation ID: {0,1747465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63B.tmp Handle ID: 3928 Operation ID: {0,1747457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63C.tmp Handle ID: 3928 Operation ID: {0,1747452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63B.tmp Handle ID: 3928 Operation ID: {0,1747448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1747396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1747283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63A.tmp Handle ID: 2700 Operation ID: {0,1747211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab639.tmp Handle ID: 2700 Operation ID: {0,1747206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63A.tmp Handle ID: 2700 Operation ID: {0,1747201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63A.tmp Handle ID: 2044 Operation ID: {0,1747185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab639.tmp Handle ID: 2700 Operation ID: {0,1747180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab639.tmp Handle ID: 3928 Operation ID: {0,1747179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab639.tmp Handle ID: 3928 Operation ID: {0,1747172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar63A.tmp Handle ID: 3928 Operation ID: {0,1747169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab639.tmp Handle ID: 3928 Operation ID: {0,1747162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1747126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1747088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1747044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar638.tmp Handle ID: 2044 Operation ID: {0,1746983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab637.tmp Handle ID: 2044 Operation ID: {0,1746976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar638.tmp Handle ID: 2044 Operation ID: {0,1746971} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar638.tmp Handle ID: 3180 Operation ID: {0,1746958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab637.tmp Handle ID: 2044 Operation ID: {0,1746953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab637.tmp Handle ID: 1620 Operation ID: {0,1746952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab637.tmp Handle ID: 1620 Operation ID: {0,1746945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar638.tmp Handle ID: 1620 Operation ID: {0,1746942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab637.tmp Handle ID: 1620 Operation ID: {0,1746938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1746887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1746781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar636.tmp Handle ID: 1620 Operation ID: {0,1746716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab635.tmp Handle ID: 1620 Operation ID: {0,1746711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar636.tmp Handle ID: 1620 Operation ID: {0,1746704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar636.tmp Handle ID: 2044 Operation ID: {0,1746691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab635.tmp Handle ID: 1620 Operation ID: {0,1746688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab635.tmp Handle ID: 4064 Operation ID: {0,1746687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab635.tmp Handle ID: 4064 Operation ID: {0,1746680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar636.tmp Handle ID: 4064 Operation ID: {0,1746677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab635.tmp Handle ID: 4064 Operation ID: {0,1746673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1746640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1746604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1746565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar634.tmp Handle ID: 1784 Operation ID: {0,1745888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab633.tmp Handle ID: 1784 Operation ID: {0,1745883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar634.tmp Handle ID: 1784 Operation ID: {0,1745876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar634.tmp Handle ID: 3928 Operation ID: {0,1745863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab633.tmp Handle ID: 1784 Operation ID: {0,1745860} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab633.tmp Handle ID: 3896 Operation ID: {0,1745859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab633.tmp Handle ID: 3896 Operation ID: {0,1745852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar634.tmp Handle ID: 3896 Operation ID: {0,1745849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab633.tmp Handle ID: 3896 Operation ID: {0,1745845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1745794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1745699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar632.tmp Handle ID: 3928 Operation ID: {0,1745662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab631.tmp Handle ID: 3928 Operation ID: {0,1745655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar632.tmp Handle ID: 3928 Operation ID: {0,1745650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar632.tmp Handle ID: 3896 Operation ID: {0,1745637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab631.tmp Handle ID: 3928 Operation ID: {0,1745632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab631.tmp Handle ID: 2700 Operation ID: {0,1745631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab631.tmp Handle ID: 2700 Operation ID: {0,1745624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar632.tmp Handle ID: 2700 Operation ID: {0,1745621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab631.tmp Handle ID: 2700 Operation ID: {0,1745616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3896 Operation ID: {0,1745585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3896 Operation ID: {0,1745545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1745504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1745422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar630.tmp Handle ID: 2700 Operation ID: {0,1745397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62F.tmp Handle ID: 2700 Operation ID: {0,1745390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar630.tmp Handle ID: 2700 Operation ID: {0,1745385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar630.tmp Handle ID: 3196 Operation ID: {0,1745372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62F.tmp Handle ID: 2700 Operation ID: {0,1745367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62F.tmp Handle ID: 3928 Operation ID: {0,1745366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62F.tmp Handle ID: 3928 Operation ID: {0,1745359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar630.tmp Handle ID: 3928 Operation ID: {0,1745356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62F.tmp Handle ID: 3928 Operation ID: {0,1745352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1745301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1745201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62E.tmp Handle ID: 3896 Operation ID: {0,1745114} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62D.tmp Handle ID: 3896 Operation ID: {0,1745109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62E.tmp Handle ID: 3896 Operation ID: {0,1745102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62E.tmp Handle ID: 2700 Operation ID: {0,1745089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62D.tmp Handle ID: 3896 Operation ID: {0,1745086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62D.tmp Handle ID: 3476 Operation ID: {0,1745085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62D.tmp Handle ID: 3476 Operation ID: {0,1745078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62E.tmp Handle ID: 3476 Operation ID: {0,1745075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62D.tmp Handle ID: 3476 Operation ID: {0,1745071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1745037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1745001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1744960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3928 Operation ID: {0,1744840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62C.tmp Handle ID: 3476 Operation ID: {0,1744815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62B.tmp Handle ID: 3476 Operation ID: {0,1744808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62C.tmp Handle ID: 3476 Operation ID: {0,1744803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62C.tmp Handle ID: 3928 Operation ID: {0,1744790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62B.tmp Handle ID: 3476 Operation ID: {0,1744785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62B.tmp Handle ID: 1784 Operation ID: {0,1744784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62B.tmp Handle ID: 1784 Operation ID: {0,1744777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62C.tmp Handle ID: 1784 Operation ID: {0,1744774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab62B.tmp Handle ID: 1784 Operation ID: {0,1744770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1744715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1744602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62A.tmp Handle ID: 3928 Operation ID: {0,1744545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab629.tmp Handle ID: 3928 Operation ID: {0,1744538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62A.tmp Handle ID: 3928 Operation ID: {0,1744533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62A.tmp Handle ID: 1784 Operation ID: {0,1744520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab629.tmp Handle ID: 3928 Operation ID: {0,1744517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab629.tmp Handle ID: 3188 Operation ID: {0,1744516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab629.tmp Handle ID: 3188 Operation ID: {0,1744509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62A.tmp Handle ID: 3188 Operation ID: {0,1744506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab629.tmp Handle ID: 3188 Operation ID: {0,1744502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1744467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1744431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1744381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1744282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar628.tmp Handle ID: 1784 Operation ID: {0,1744257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab627.tmp Handle ID: 1784 Operation ID: {0,1744252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar628.tmp Handle ID: 1784 Operation ID: {0,1744245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar628.tmp Handle ID: 3196 Operation ID: {0,1744232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab627.tmp Handle ID: 1784 Operation ID: {0,1744229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab627.tmp Handle ID: 3896 Operation ID: {0,1744228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab627.tmp Handle ID: 3896 Operation ID: {0,1744221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar628.tmp Handle ID: 3896 Operation ID: {0,1744218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab627.tmp Handle ID: 3896 Operation ID: {0,1744214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1744162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,1744041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar626.tmp Handle ID: 3896 Operation ID: {0,1743976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab625.tmp Handle ID: 3896 Operation ID: {0,1743969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar626.tmp Handle ID: 3896 Operation ID: {0,1743964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar626.tmp Handle ID: 2700 Operation ID: {0,1743949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab625.tmp Handle ID: 3896 Operation ID: {0,1743946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab625.tmp Handle ID: 1784 Operation ID: {0,1743945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab625.tmp Handle ID: 1784 Operation ID: {0,1743938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar626.tmp Handle ID: 1784 Operation ID: {0,1743933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab625.tmp Handle ID: 1784 Operation ID: {0,1743928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1743889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2700 Operation ID: {0,1743852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1743808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar624.tmp Handle ID: 1784 Operation ID: {0,1743716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab623.tmp Handle ID: 1784 Operation ID: {0,1743709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar624.tmp Handle ID: 1784 Operation ID: {0,1743704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar624.tmp Handle ID: 3476 Operation ID: {0,1743691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab623.tmp Handle ID: 1784 Operation ID: {0,1743688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab623.tmp Handle ID: 3896 Operation ID: {0,1743687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab623.tmp Handle ID: 3896 Operation ID: {0,1743678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar624.tmp Handle ID: 3896 Operation ID: {0,1743675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab623.tmp Handle ID: 3896 Operation ID: {0,1743671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1743617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1743449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar622.tmp Handle ID: 2700 Operation ID: {0,1743361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab621.tmp Handle ID: 2700 Operation ID: {0,1743354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar622.tmp Handle ID: 2700 Operation ID: {0,1743349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2700 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2700 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar622.tmp Handle ID: 1784 Operation ID: {0,1743336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab621.tmp Handle ID: 2700 Operation ID: {0,1743333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab621.tmp Handle ID: 3212 Operation ID: {0,1743332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab621.tmp Handle ID: 3212 Operation ID: {0,1743323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar622.tmp Handle ID: 3212 Operation ID: {0,1743322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab621.tmp Handle ID: 3212 Operation ID: {0,1743318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1743285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1743249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1743210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar620.tmp Handle ID: 3220 Operation ID: {0,1741961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61F.tmp Handle ID: 3220 Operation ID: {0,1741954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar620.tmp Handle ID: 3220 Operation ID: {0,1741949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar620.tmp Handle ID: 1784 Operation ID: {0,1741934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61F.tmp Handle ID: 3220 Operation ID: {0,1741931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61F.tmp Handle ID: 1620 Operation ID: {0,1741930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61F.tmp Handle ID: 1620 Operation ID: {0,1741923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar620.tmp Handle ID: 1620 Operation ID: {0,1741920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61F.tmp Handle ID: 1620 Operation ID: {0,1741916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1741862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1741735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61E.tmp Handle ID: 1784 Operation ID: {0,1741670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61D.tmp Handle ID: 1784 Operation ID: {0,1741663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61E.tmp Handle ID: 1784 Operation ID: {0,1741658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61E.tmp Handle ID: 1620 Operation ID: {0,1741645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61D.tmp Handle ID: 1784 Operation ID: {0,1741642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61D.tmp Handle ID: 3196 Operation ID: {0,1741641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61D.tmp Handle ID: 3196 Operation ID: {0,1741633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61E.tmp Handle ID: 3196 Operation ID: {0,1741631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61D.tmp Handle ID: 3196 Operation ID: {0,1741627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1741594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1741558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1741510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1772 Operation ID: {0,1741425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61C.tmp Handle ID: 3196 Operation ID: {0,1741400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61B.tmp Handle ID: 3196 Operation ID: {0,1741395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61C.tmp Handle ID: 3196 Operation ID: {0,1741388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61C.tmp Handle ID: 1772 Operation ID: {0,1741375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61B.tmp Handle ID: 3196 Operation ID: {0,1741372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61B.tmp Handle ID: 1784 Operation ID: {0,1741371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61B.tmp Handle ID: 1784 Operation ID: {0,1741364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61C.tmp Handle ID: 1784 Operation ID: {0,1741361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61B.tmp Handle ID: 1784 Operation ID: {0,1741357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1741306} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1741180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61A.tmp Handle ID: 1620 Operation ID: {0,1741101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab619.tmp Handle ID: 1620 Operation ID: {0,1741095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61A.tmp Handle ID: 1620 Operation ID: {0,1741089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61A.tmp Handle ID: 3196 Operation ID: {0,1741076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab619.tmp Handle ID: 1620 Operation ID: {0,1741071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab619.tmp Handle ID: 2044 Operation ID: {0,1741070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab619.tmp Handle ID: 2044 Operation ID: {0,1741061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar61A.tmp Handle ID: 2044 Operation ID: {0,1741058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab619.tmp Handle ID: 2044 Operation ID: {0,1741054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1741019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1740983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1740942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1740868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar618.tmp Handle ID: 2044 Operation ID: {0,1740845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab617.tmp Handle ID: 2044 Operation ID: {0,1740838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar618.tmp Handle ID: 2044 Operation ID: {0,1740831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar618.tmp Handle ID: 1784 Operation ID: {0,1740818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab617.tmp Handle ID: 2044 Operation ID: {0,1740815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab617.tmp Handle ID: 3220 Operation ID: {0,1740814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab617.tmp Handle ID: 3220 Operation ID: {0,1740805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar618.tmp Handle ID: 3220 Operation ID: {0,1740802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab617.tmp Handle ID: 3220 Operation ID: {0,1740800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1740746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1740646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar616.tmp Handle ID: 1784 Operation ID: {0,1740419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab615.tmp Handle ID: 1784 Operation ID: {0,1740412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar616.tmp Handle ID: 1784 Operation ID: {0,1740405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar616.tmp Handle ID: 1620 Operation ID: {0,1740387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab615.tmp Handle ID: 1784 Operation ID: {0,1740384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab615.tmp Handle ID: 1704 Operation ID: {0,1740383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab615.tmp Handle ID: 1704 Operation ID: {0,1740374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar616.tmp Handle ID: 1704 Operation ID: {0,1740371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab615.tmp Handle ID: 1704 Operation ID: {0,1739942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1739909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1739868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1739827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,1739760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar614.tmp Handle ID: 1620 Operation ID: {0,1739732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab613.tmp Handle ID: 1620 Operation ID: {0,1739723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar614.tmp Handle ID: 1620 Operation ID: {0,1739718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar614.tmp Handle ID: 2044 Operation ID: {0,1739700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab613.tmp Handle ID: 1620 Operation ID: {0,1739695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab613.tmp Handle ID: 3928 Operation ID: {0,1739694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab613.tmp Handle ID: 3928 Operation ID: {0,1739687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar614.tmp Handle ID: 3928 Operation ID: {0,1739684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab613.tmp Handle ID: 3928 Operation ID: {0,1739680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1739626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1739509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar612.tmp Handle ID: 1704 Operation ID: {0,1739454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab611.tmp Handle ID: 1704 Operation ID: {0,1739451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar612.tmp Handle ID: 1704 Operation ID: {0,1739446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar612.tmp Handle ID: 1620 Operation ID: {0,1739430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab611.tmp Handle ID: 1704 Operation ID: {0,1739427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab611.tmp Handle ID: 3476 Operation ID: {0,1739426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab611.tmp Handle ID: 3476 Operation ID: {0,1739417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar612.tmp Handle ID: 3476 Operation ID: {0,1739410} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab611.tmp Handle ID: 3476 Operation ID: {0,1739408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1739370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1739332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1739286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar610.tmp Handle ID: 3476 Operation ID: {0,1739230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60F.tmp Handle ID: 3476 Operation ID: {0,1739223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar610.tmp Handle ID: 3476 Operation ID: {0,1739220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar610.tmp Handle ID: 3928 Operation ID: {0,1739206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60F.tmp Handle ID: 3476 Operation ID: {0,1739203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60F.tmp Handle ID: 3896 Operation ID: {0,1739202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60F.tmp Handle ID: 3896 Operation ID: {0,1739191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar610.tmp Handle ID: 3896 Operation ID: {0,1739188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60F.tmp Handle ID: 3896 Operation ID: {0,1739184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1739133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1739020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60E.tmp Handle ID: 3928 Operation ID: {0,1738977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60D.tmp Handle ID: 3928 Operation ID: {0,1738970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60E.tmp Handle ID: 3928 Operation ID: {0,1738965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3928 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3928 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60E.tmp Handle ID: 3196 Operation ID: {0,1738952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60D.tmp Handle ID: 3928 Operation ID: {0,1738949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60D.tmp Handle ID: 2044 Operation ID: {0,1738948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60D.tmp Handle ID: 2044 Operation ID: {0,1738943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60E.tmp Handle ID: 2044 Operation ID: {0,1738940} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60D.tmp Handle ID: 2044 Operation ID: {0,1738936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1738903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1738867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:58 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:58 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1738828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:54 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3904 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:54 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3904 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:54 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3904 Operation ID: {0,1729579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 628 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:52:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 628 Object Type: File Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 628 Operation ID: {0,1719099} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60C.tmp Handle ID: 3212 Operation ID: {0,1650922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60B.tmp Handle ID: 3212 Operation ID: {0,1650913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60C.tmp Handle ID: 3212 Operation ID: {0,1650906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60C.tmp Handle ID: 3180 Operation ID: {0,1650891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60B.tmp Handle ID: 3212 Operation ID: {0,1650884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60B.tmp Handle ID: 1704 Operation ID: {0,1650883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60B.tmp Handle ID: 1704 Operation ID: {0,1650874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60C.tmp Handle ID: 1704 Operation ID: {0,1650869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab60B.tmp Handle ID: 1704 Operation ID: {0,1650863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1650810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1650645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60A.tmp Handle ID: 3188 Operation ID: {0,1650610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab609.tmp Handle ID: 3188 Operation ID: {0,1650601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60A.tmp Handle ID: 3188 Operation ID: {0,1650594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60A.tmp Handle ID: 3192 Operation ID: {0,1650579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab609.tmp Handle ID: 3188 Operation ID: {0,1650572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab609.tmp Handle ID: 3212 Operation ID: {0,1650571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab609.tmp Handle ID: 3212 Operation ID: {0,1650562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60A.tmp Handle ID: 3212 Operation ID: {0,1650555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab609.tmp Handle ID: 3212 Operation ID: {0,1650550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1650512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1650474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1650431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3896 Operation ID: {0,1650386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar608.tmp Handle ID: 3212 Operation ID: {0,1650359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab607.tmp Handle ID: 3212 Operation ID: {0,1650350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar608.tmp Handle ID: 3212 Operation ID: {0,1650343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar608.tmp Handle ID: 3896 Operation ID: {0,1650328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab607.tmp Handle ID: 3212 Operation ID: {0,1650321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab607.tmp Handle ID: 1704 Operation ID: {0,1650320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab607.tmp Handle ID: 1704 Operation ID: {0,1650311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar608.tmp Handle ID: 1704 Operation ID: {0,1650304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab607.tmp Handle ID: 1704 Operation ID: {0,1650300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1650247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1650178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar606.tmp Handle ID: 3896 Operation ID: {0,1650144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab605.tmp Handle ID: 3896 Operation ID: {0,1650135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar606.tmp Handle ID: 3896 Operation ID: {0,1650128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar606.tmp Handle ID: 1704 Operation ID: {0,1650113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab605.tmp Handle ID: 3896 Operation ID: {0,1650106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab605.tmp Handle ID: 1788 Operation ID: {0,1650105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab605.tmp Handle ID: 1788 Operation ID: {0,1650096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar606.tmp Handle ID: 1788 Operation ID: {0,1650091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab605.tmp Handle ID: 1788 Operation ID: {0,1650083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1650052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1650018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1649926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar604.tmp Handle ID: 1704 Operation ID: {0,1649899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab603.tmp Handle ID: 1704 Operation ID: {0,1649890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar604.tmp Handle ID: 1704 Operation ID: {0,1649883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar604.tmp Handle ID: 3996 Operation ID: {0,1649868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab603.tmp Handle ID: 1704 Operation ID: {0,1649861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab603.tmp Handle ID: 3180 Operation ID: {0,1649860} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab603.tmp Handle ID: 3180 Operation ID: {0,1649851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar604.tmp Handle ID: 3180 Operation ID: {0,1649844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab603.tmp Handle ID: 3180 Operation ID: {0,1649840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar602.tmp Handle ID: 3180 Operation ID: {0,1649682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab601.tmp Handle ID: 3180 Operation ID: {0,1649673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar602.tmp Handle ID: 3180 Operation ID: {0,1649666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar602.tmp Handle ID: 1704 Operation ID: {0,1649649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab601.tmp Handle ID: 3180 Operation ID: {0,1649644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab601.tmp Handle ID: 3192 Operation ID: {0,1649643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab601.tmp Handle ID: 3192 Operation ID: {0,1649632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar602.tmp Handle ID: 3192 Operation ID: {0,1649629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab601.tmp Handle ID: 3192 Operation ID: {0,1649623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1649588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1649550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1649462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar600.tmp Handle ID: 3192 Operation ID: {0,1649433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FF.tmp Handle ID: 3192 Operation ID: {0,1649424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar600.tmp Handle ID: 3192 Operation ID: {0,1649417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar600.tmp Handle ID: 4080 Operation ID: {0,1649402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FF.tmp Handle ID: 3192 Operation ID: {0,1649395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FF.tmp Handle ID: 3212 Operation ID: {0,1649394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FF.tmp Handle ID: 3212 Operation ID: {0,1649385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar600.tmp Handle ID: 3212 Operation ID: {0,1649380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FF.tmp Handle ID: 3212 Operation ID: {0,1649374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FE.tmp Handle ID: 4080 Operation ID: {0,1649220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FD.tmp Handle ID: 4080 Operation ID: {0,1649213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FE.tmp Handle ID: 4080 Operation ID: {0,1649206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FE.tmp Handle ID: 3212 Operation ID: {0,1649189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FD.tmp Handle ID: 4080 Operation ID: {0,1649184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FD.tmp Handle ID: 3896 Operation ID: {0,1649183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FD.tmp Handle ID: 3896 Operation ID: {0,1649172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FE.tmp Handle ID: 3896 Operation ID: {0,1649169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FD.tmp Handle ID: 3896 Operation ID: {0,1649161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1649130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1649096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1649053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FC.tmp Handle ID: 3212 Operation ID: {0,1649013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FB.tmp Handle ID: 3212 Operation ID: {0,1649008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FC.tmp Handle ID: 3212 Operation ID: {0,1649005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FC.tmp Handle ID: 3188 Operation ID: {0,1648989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FB.tmp Handle ID: 3212 Operation ID: {0,1648987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FB.tmp Handle ID: 3996 Operation ID: {0,1648986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FB.tmp Handle ID: 3996 Operation ID: {0,1648975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FC.tmp Handle ID: 3996 Operation ID: {0,1648974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5FB.tmp Handle ID: 3996 Operation ID: {0,1648970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1648917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1648753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FA.tmp Handle ID: 3896 Operation ID: {0,1648627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F9.tmp Handle ID: 3896 Operation ID: {0,1648618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FA.tmp Handle ID: 3896 Operation ID: {0,1648611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FA.tmp Handle ID: 3212 Operation ID: {0,1648594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F9.tmp Handle ID: 3896 Operation ID: {0,1648589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F9.tmp Handle ID: 1704 Operation ID: {0,1648588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F9.tmp Handle ID: 1704 Operation ID: {0,1648577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5FA.tmp Handle ID: 1704 Operation ID: {0,1648574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F9.tmp Handle ID: 1704 Operation ID: {0,1648568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1648537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1648499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1648462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F8.tmp Handle ID: 3196 Operation ID: {0,1648049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F7.tmp Handle ID: 3196 Operation ID: {0,1648040} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F8.tmp Handle ID: 3196 Operation ID: {0,1648033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F8.tmp Handle ID: 3212 Operation ID: {0,1648018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F7.tmp Handle ID: 3196 Operation ID: {0,1648011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F7.tmp Handle ID: 1704 Operation ID: {0,1648010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F7.tmp Handle ID: 1704 Operation ID: {0,1648001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F8.tmp Handle ID: 1704 Operation ID: {0,1647996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F7.tmp Handle ID: 1704 Operation ID: {0,1647992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F6.tmp Handle ID: 3212 Operation ID: {0,1647835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F5.tmp Handle ID: 3212 Operation ID: {0,1647826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F6.tmp Handle ID: 3212 Operation ID: {0,1647819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F6.tmp Handle ID: 1704 Operation ID: {0,1647804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F5.tmp Handle ID: 3212 Operation ID: {0,1647797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F5.tmp Handle ID: 3180 Operation ID: {0,1647796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F5.tmp Handle ID: 3180 Operation ID: {0,1647787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F6.tmp Handle ID: 3180 Operation ID: {0,1647782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F5.tmp Handle ID: 3180 Operation ID: {0,1647774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1647745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1647709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1647621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F4.tmp Handle ID: 1704 Operation ID: {0,1647598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F3.tmp Handle ID: 1704 Operation ID: {0,1647597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F4.tmp Handle ID: 1704 Operation ID: {0,1647596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F4.tmp Handle ID: 3192 Operation ID: {0,1647595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F3.tmp Handle ID: 1704 Operation ID: {0,1647594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F3.tmp Handle ID: 4080 Operation ID: {0,1647593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F3.tmp Handle ID: 4080 Operation ID: {0,1647590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F4.tmp Handle ID: 4080 Operation ID: {0,1647589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F3.tmp Handle ID: 4080 Operation ID: {0,1647585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F2.tmp Handle ID: 3180 Operation ID: {0,1647427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F1.tmp Handle ID: 3180 Operation ID: {0,1647418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F2.tmp Handle ID: 3180 Operation ID: {0,1647411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F2.tmp Handle ID: 4080 Operation ID: {0,1647396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F1.tmp Handle ID: 3180 Operation ID: {0,1647389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F1.tmp Handle ID: 1788 Operation ID: {0,1647388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F1.tmp Handle ID: 1788 Operation ID: {0,1647379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F2.tmp Handle ID: 1788 Operation ID: {0,1647374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F1.tmp Handle ID: 1788 Operation ID: {0,1647368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1647333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1647295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1647209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F0.tmp Handle ID: 1788 Operation ID: {0,1647180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EF.tmp Handle ID: 1788 Operation ID: {0,1647171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F0.tmp Handle ID: 1788 Operation ID: {0,1647164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F0.tmp Handle ID: 3192 Operation ID: {0,1647149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EF.tmp Handle ID: 1788 Operation ID: {0,1647142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EF.tmp Handle ID: 3196 Operation ID: {0,1647141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EF.tmp Handle ID: 3196 Operation ID: {0,1647132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5F0.tmp Handle ID: 3196 Operation ID: {0,1647125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EF.tmp Handle ID: 3196 Operation ID: {0,1647121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1647000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EE.tmp Handle ID: 3180 Operation ID: {0,1646962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5ED.tmp Handle ID: 3180 Operation ID: {0,1646953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EE.tmp Handle ID: 3180 Operation ID: {0,1646946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EE.tmp Handle ID: 1704 Operation ID: {0,1646929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5ED.tmp Handle ID: 3180 Operation ID: {0,1646924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5ED.tmp Handle ID: 3196 Operation ID: {0,1646923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5ED.tmp Handle ID: 3196 Operation ID: {0,1646912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EE.tmp Handle ID: 3196 Operation ID: {0,1646905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5ED.tmp Handle ID: 3196 Operation ID: {0,1646901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1646872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1646836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1646793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1646744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EC.tmp Handle ID: 1704 Operation ID: {0,1646715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EB.tmp Handle ID: 1704 Operation ID: {0,1646706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EC.tmp Handle ID: 1704 Operation ID: {0,1646699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EC.tmp Handle ID: 3192 Operation ID: {0,1646684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EB.tmp Handle ID: 1704 Operation ID: {0,1646677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EB.tmp Handle ID: 3188 Operation ID: {0,1646676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EB.tmp Handle ID: 3188 Operation ID: {0,1646667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EC.tmp Handle ID: 3188 Operation ID: {0,1646660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5EB.tmp Handle ID: 3188 Operation ID: {0,1646656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1646603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1646539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EA.tmp Handle ID: 3196 Operation ID: {0,1646406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E9.tmp Handle ID: 3196 Operation ID: {0,1646397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EA.tmp Handle ID: 3196 Operation ID: {0,1646388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EA.tmp Handle ID: 3188 Operation ID: {0,1646375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E9.tmp Handle ID: 3196 Operation ID: {0,1646368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E9.tmp Handle ID: 1788 Operation ID: {0,1646367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E9.tmp Handle ID: 1788 Operation ID: {0,1646358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5EA.tmp Handle ID: 1788 Operation ID: {0,1646353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E9.tmp Handle ID: 1788 Operation ID: {0,1646347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1646312} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1646273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,1646229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E8.tmp Handle ID: 1788 Operation ID: {0,1646013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E7.tmp Handle ID: 1788 Operation ID: {0,1646004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E8.tmp Handle ID: 1788 Operation ID: {0,1645997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E8.tmp Handle ID: 3192 Operation ID: {0,1645982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E7.tmp Handle ID: 1788 Operation ID: {0,1645975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E7.tmp Handle ID: 3996 Operation ID: {0,1645974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E7.tmp Handle ID: 3996 Operation ID: {0,1645965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E8.tmp Handle ID: 3996 Operation ID: {0,1645958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E7.tmp Handle ID: 3996 Operation ID: {0,1645954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1645845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1645777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E6.tmp Handle ID: 3192 Operation ID: {0,1645699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E5.tmp Handle ID: 3192 Operation ID: {0,1645690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E6.tmp Handle ID: 3192 Operation ID: {0,1645681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E6.tmp Handle ID: 3996 Operation ID: {0,1645666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E5.tmp Handle ID: 3192 Operation ID: {0,1645659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E5.tmp Handle ID: 3180 Operation ID: {0,1645658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E5.tmp Handle ID: 3180 Operation ID: {0,1645649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E6.tmp Handle ID: 3180 Operation ID: {0,1645642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E5.tmp Handle ID: 3180 Operation ID: {0,1645638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1645603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1645565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1645519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E4.tmp Handle ID: 1620 Operation ID: {0,1643180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E3.tmp Handle ID: 1620 Operation ID: {0,1643171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E4.tmp Handle ID: 1620 Operation ID: {0,1643164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E4.tmp Handle ID: 3996 Operation ID: {0,1643149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E3.tmp Handle ID: 1620 Operation ID: {0,1643142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E3.tmp Handle ID: 3180 Operation ID: {0,1643141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E3.tmp Handle ID: 3180 Operation ID: {0,1643132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E4.tmp Handle ID: 3180 Operation ID: {0,1643125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E3.tmp Handle ID: 3180 Operation ID: {0,1643121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1643068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1643004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E2.tmp Handle ID: 3180 Operation ID: {0,1642966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E1.tmp Handle ID: 3180 Operation ID: {0,1642957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E2.tmp Handle ID: 3180 Operation ID: {0,1642948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E2.tmp Handle ID: 1620 Operation ID: {0,1642935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E1.tmp Handle ID: 3180 Operation ID: {0,1642928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E1.tmp Handle ID: 3804 Operation ID: {0,1642927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E1.tmp Handle ID: 3804 Operation ID: {0,1642918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E2.tmp Handle ID: 3804 Operation ID: {0,1642911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5E1.tmp Handle ID: 3804 Operation ID: {0,1642907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1642872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1642834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1642791} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1642673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E0.tmp Handle ID: 3804 Operation ID: {0,1642619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DF.tmp Handle ID: 3804 Operation ID: {0,1642610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E0.tmp Handle ID: 3804 Operation ID: {0,1642601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E0.tmp Handle ID: 1788 Operation ID: {0,1642588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DF.tmp Handle ID: 3804 Operation ID: {0,1642581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DF.tmp Handle ID: 1704 Operation ID: {0,1642580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DF.tmp Handle ID: 1704 Operation ID: {0,1642571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E0.tmp Handle ID: 1704 Operation ID: {0,1642564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DF.tmp Handle ID: 1704 Operation ID: {0,1642555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1642405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1642233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DE.tmp Handle ID: 3188 Operation ID: {0,1642201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DD.tmp Handle ID: 3188 Operation ID: {0,1642196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DE.tmp Handle ID: 3188 Operation ID: {0,1642193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DE.tmp Handle ID: 1704 Operation ID: {0,1642178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DD.tmp Handle ID: 3188 Operation ID: {0,1642175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DD.tmp Handle ID: 3196 Operation ID: {0,1642174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DD.tmp Handle ID: 3196 Operation ID: {0,1642165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DE.tmp Handle ID: 3196 Operation ID: {0,1642164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DD.tmp Handle ID: 3196 Operation ID: {0,1641852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1641821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1641785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1641742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1641449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DC.tmp Handle ID: 1704 Operation ID: {0,1641413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DB.tmp Handle ID: 1704 Operation ID: {0,1641401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DC.tmp Handle ID: 1704 Operation ID: {0,1641375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DC.tmp Handle ID: 1788 Operation ID: {0,1641332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DB.tmp Handle ID: 1704 Operation ID: {0,1641325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DB.tmp Handle ID: 3996 Operation ID: {0,1641323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DB.tmp Handle ID: 3996 Operation ID: {0,1641283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DC.tmp Handle ID: 3996 Operation ID: {0,1641271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5DB.tmp Handle ID: 3996 Operation ID: {0,1641265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1641214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1639341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DA.tmp Handle ID: 3196 Operation ID: {0,1639170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D9.tmp Handle ID: 3196 Operation ID: {0,1639165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DA.tmp Handle ID: 3196 Operation ID: {0,1639158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DA.tmp Handle ID: 1704 Operation ID: {0,1639141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D9.tmp Handle ID: 3196 Operation ID: {0,1639136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D9.tmp Handle ID: 1620 Operation ID: {0,1639135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D9.tmp Handle ID: 1620 Operation ID: {0,1639124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5DA.tmp Handle ID: 1620 Operation ID: {0,1639121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D9.tmp Handle ID: 1620 Operation ID: {0,1639108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1639073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1639033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1638990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1638617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D8.tmp Handle ID: 1620 Operation ID: {0,1638556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D7.tmp Handle ID: 1620 Operation ID: {0,1638549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D8.tmp Handle ID: 1620 Operation ID: {0,1638540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D8.tmp Handle ID: 3180 Operation ID: {0,1638525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D7.tmp Handle ID: 1620 Operation ID: {0,1638520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D7.tmp Handle ID: 3996 Operation ID: {0,1638519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D7.tmp Handle ID: 3996 Operation ID: {0,1638507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D8.tmp Handle ID: 3996 Operation ID: {0,1638467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D7.tmp Handle ID: 3996 Operation ID: {0,1638447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1638358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1638085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D6.tmp Handle ID: 3996 Operation ID: {0,1637815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D5.tmp Handle ID: 3996 Operation ID: {0,1637810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D6.tmp Handle ID: 3996 Operation ID: {0,1637803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D6.tmp Handle ID: 1620 Operation ID: {0,1637786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D5.tmp Handle ID: 3996 Operation ID: {0,1637783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D5.tmp Handle ID: 3188 Operation ID: {0,1637782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D5.tmp Handle ID: 3188 Operation ID: {0,1637773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D6.tmp Handle ID: 3188 Operation ID: {0,1637768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D5.tmp Handle ID: 3188 Operation ID: {0,1637760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1637723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1637685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1637583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D4.tmp Handle ID: 1788 Operation ID: {0,1637207} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D3.tmp Handle ID: 1788 Operation ID: {0,1637200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D4.tmp Handle ID: 1788 Operation ID: {0,1637195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D4.tmp Handle ID: 3804 Operation ID: {0,1637178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D3.tmp Handle ID: 1788 Operation ID: {0,1637173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D3.tmp Handle ID: 3188 Operation ID: {0,1637172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D3.tmp Handle ID: 3188 Operation ID: {0,1637161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D4.tmp Handle ID: 3188 Operation ID: {0,1637158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D3.tmp Handle ID: 3188 Operation ID: {0,1637147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1637046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,1636674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D2.tmp Handle ID: 3996 Operation ID: {0,1636487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D1.tmp Handle ID: 3996 Operation ID: {0,1636478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D2.tmp Handle ID: 3996 Operation ID: {0,1636471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D2.tmp Handle ID: 1788 Operation ID: {0,1636238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D1.tmp Handle ID: 3996 Operation ID: {0,1636224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D1.tmp Handle ID: 1704 Operation ID: {0,1636222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D1.tmp Handle ID: 1704 Operation ID: {0,1636153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D2.tmp Handle ID: 1704 Operation ID: {0,1636143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D1.tmp Handle ID: 1704 Operation ID: {0,1636137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1636102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1636059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1788 Operation ID: {0,1636018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D0.tmp Handle ID: 3188 Operation ID: {0,1602992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CF.tmp Handle ID: 3188 Operation ID: {0,1602985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D0.tmp Handle ID: 3188 Operation ID: {0,1602976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D0.tmp Handle ID: 3804 Operation ID: {0,1602963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CF.tmp Handle ID: 3188 Operation ID: {0,1602956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CF.tmp Handle ID: 3212 Operation ID: {0,1602955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CF.tmp Handle ID: 3212 Operation ID: {0,1602946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5D0.tmp Handle ID: 3212 Operation ID: {0,1602939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CF.tmp Handle ID: 3212 Operation ID: {0,1602935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1602884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1602823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CE.tmp Handle ID: 3196 Operation ID: {0,1602793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CD.tmp Handle ID: 3196 Operation ID: {0,1602788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CE.tmp Handle ID: 3196 Operation ID: {0,1602781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CE.tmp Handle ID: 3188 Operation ID: {0,1602764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CD.tmp Handle ID: 3196 Operation ID: {0,1602759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CD.tmp Handle ID: 3476 Operation ID: {0,1602758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CD.tmp Handle ID: 3476 Operation ID: {0,1602747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CE.tmp Handle ID: 3476 Operation ID: {0,1602744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CD.tmp Handle ID: 3476 Operation ID: {0,1602738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1602703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1602665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1602622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1602573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CC.tmp Handle ID: 3476 Operation ID: {0,1602544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CB.tmp Handle ID: 3476 Operation ID: {0,1602543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CC.tmp Handle ID: 3476 Operation ID: {0,1602542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CC.tmp Handle ID: 3212 Operation ID: {0,1602540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CB.tmp Handle ID: 3476 Operation ID: {0,1602539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CB.tmp Handle ID: 3180 Operation ID: {0,1602538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CB.tmp Handle ID: 3180 Operation ID: {0,1602535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CC.tmp Handle ID: 3180 Operation ID: {0,1602534} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5CB.tmp Handle ID: 3180 Operation ID: {0,1602530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1602477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1602405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CA.tmp Handle ID: 3212 Operation ID: {0,1602291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C9.tmp Handle ID: 3212 Operation ID: {0,1602282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CA.tmp Handle ID: 3212 Operation ID: {0,1602279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CA.tmp Handle ID: 3180 Operation ID: {0,1602262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C9.tmp Handle ID: 3212 Operation ID: {0,1602257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C9.tmp Handle ID: 1704 Operation ID: {0,1602256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C9.tmp Handle ID: 1704 Operation ID: {0,1602245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5CA.tmp Handle ID: 1704 Operation ID: {0,1602242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C9.tmp Handle ID: 1704 Operation ID: {0,1602236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1602197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1602159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1602115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1784 Operation ID: {0,1602066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C8.tmp Handle ID: 1704 Operation ID: {0,1602039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C7.tmp Handle ID: 1704 Operation ID: {0,1602034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C8.tmp Handle ID: 1704 Operation ID: {0,1602027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C8.tmp Handle ID: 1784 Operation ID: {0,1602010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C7.tmp Handle ID: 1704 Operation ID: {0,1602005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C7.tmp Handle ID: 3804 Operation ID: {0,1602004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C7.tmp Handle ID: 3804 Operation ID: {0,1601993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C8.tmp Handle ID: 3804 Operation ID: {0,1601990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C7.tmp Handle ID: 3804 Operation ID: {0,1601984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C6.tmp Handle ID: 3804 Operation ID: {0,1601832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C5.tmp Handle ID: 3804 Operation ID: {0,1601827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C6.tmp Handle ID: 3804 Operation ID: {0,1601820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C6.tmp Handle ID: 1704 Operation ID: {0,1601803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C5.tmp Handle ID: 3804 Operation ID: {0,1601798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C5.tmp Handle ID: 3188 Operation ID: {0,1601797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C5.tmp Handle ID: 3188 Operation ID: {0,1601786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C6.tmp Handle ID: 3188 Operation ID: {0,1601783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C5.tmp Handle ID: 3188 Operation ID: {0,1601775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1601744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1601712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1601624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C4.tmp Handle ID: 1704 Operation ID: {0,1601597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C3.tmp Handle ID: 1704 Operation ID: {0,1601592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C4.tmp Handle ID: 1704 Operation ID: {0,1601585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C4.tmp Handle ID: 1620 Operation ID: {0,1601568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C3.tmp Handle ID: 1704 Operation ID: {0,1601563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C3.tmp Handle ID: 3932 Operation ID: {0,1601562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C3.tmp Handle ID: 3932 Operation ID: {0,1601551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C4.tmp Handle ID: 3932 Operation ID: {0,1601548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C3.tmp Handle ID: 3932 Operation ID: {0,1601542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C2.tmp Handle ID: 3932 Operation ID: {0,1601393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C1.tmp Handle ID: 3932 Operation ID: {0,1601388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C2.tmp Handle ID: 3932 Operation ID: {0,1601381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C2.tmp Handle ID: 1704 Operation ID: {0,1601364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C1.tmp Handle ID: 3932 Operation ID: {0,1601359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C1.tmp Handle ID: 3180 Operation ID: {0,1601358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C1.tmp Handle ID: 3180 Operation ID: {0,1601347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C2.tmp Handle ID: 3180 Operation ID: {0,1601344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5C1.tmp Handle ID: 3180 Operation ID: {0,1601338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1601303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1601265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C0.tmp Handle ID: 3180 Operation ID: {0,1601190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BF.tmp Handle ID: 3180 Operation ID: {0,1601185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C0.tmp Handle ID: 3180 Operation ID: {0,1601178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C0.tmp Handle ID: 3196 Operation ID: {0,1601161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BF.tmp Handle ID: 3180 Operation ID: {0,1601156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BF.tmp Handle ID: 1784 Operation ID: {0,1601155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BF.tmp Handle ID: 1784 Operation ID: {0,1601144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C0.tmp Handle ID: 1784 Operation ID: {0,1601141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BF.tmp Handle ID: 1784 Operation ID: {0,1601135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1601021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BE.tmp Handle ID: 1784 Operation ID: {0,1600985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BD.tmp Handle ID: 1784 Operation ID: {0,1600980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BE.tmp Handle ID: 1784 Operation ID: {0,1600973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1784 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1784 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BE.tmp Handle ID: 3180 Operation ID: {0,1600954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BD.tmp Handle ID: 1784 Operation ID: {0,1600951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BD.tmp Handle ID: 3804 Operation ID: {0,1600950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BD.tmp Handle ID: 3804 Operation ID: {0,1600937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BE.tmp Handle ID: 3804 Operation ID: {0,1600936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BD.tmp Handle ID: 3804 Operation ID: {0,1600930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1600895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1600857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1600818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BC.tmp Handle ID: 3804 Operation ID: {0,1600725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BB.tmp Handle ID: 3804 Operation ID: {0,1600716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BC.tmp Handle ID: 3804 Operation ID: {0,1600711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BC.tmp Handle ID: 1620 Operation ID: {0,1600693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BB.tmp Handle ID: 3804 Operation ID: {0,1600688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BB.tmp Handle ID: 3180 Operation ID: {0,1600687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BB.tmp Handle ID: 3180 Operation ID: {0,1600676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BC.tmp Handle ID: 3180 Operation ID: {0,1600673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5BB.tmp Handle ID: 3180 Operation ID: {0,1600667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1600614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1600553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BA.tmp Handle ID: 3212 Operation ID: {0,1600514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B9.tmp Handle ID: 3212 Operation ID: {0,1600505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BA.tmp Handle ID: 3212 Operation ID: {0,1600502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BA.tmp Handle ID: 3804 Operation ID: {0,1600485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B9.tmp Handle ID: 3212 Operation ID: {0,1600480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B9.tmp Handle ID: 3188 Operation ID: {0,1600479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B9.tmp Handle ID: 3188 Operation ID: {0,1600468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5BA.tmp Handle ID: 3188 Operation ID: {0,1600465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B9.tmp Handle ID: 3188 Operation ID: {0,1600459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,1600424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,1600386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1600345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1600295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B8.tmp Handle ID: 3188 Operation ID: {0,1600268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B7.tmp Handle ID: 3188 Operation ID: {0,1600261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B8.tmp Handle ID: 3188 Operation ID: {0,1600254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B8.tmp Handle ID: 3180 Operation ID: {0,1600239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B7.tmp Handle ID: 3188 Operation ID: {0,1600232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B7.tmp Handle ID: 1704 Operation ID: {0,1600231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B7.tmp Handle ID: 1704 Operation ID: {0,1600222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B8.tmp Handle ID: 1704 Operation ID: {0,1600215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B7.tmp Handle ID: 1704 Operation ID: {0,1600211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1600160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1600099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B6.tmp Handle ID: 3180 Operation ID: {0,1600061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B5.tmp Handle ID: 3180 Operation ID: {0,1600056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B6.tmp Handle ID: 3180 Operation ID: {0,1600049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B6.tmp Handle ID: 1704 Operation ID: {0,1600032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B5.tmp Handle ID: 3180 Operation ID: {0,1600027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B5.tmp Handle ID: 3932 Operation ID: {0,1600026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B5.tmp Handle ID: 3932 Operation ID: {0,1600017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B6.tmp Handle ID: 3932 Operation ID: {0,1600012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B5.tmp Handle ID: 3932 Operation ID: {0,1600006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1599973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1599935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1599892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,1599842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B4.tmp Handle ID: 1704 Operation ID: {0,1599815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B3.tmp Handle ID: 1704 Operation ID: {0,1599810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B4.tmp Handle ID: 1704 Operation ID: {0,1599803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B4.tmp Handle ID: 3196 Operation ID: {0,1599784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B3.tmp Handle ID: 1704 Operation ID: {0,1599781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B3.tmp Handle ID: 1620 Operation ID: {0,1599780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B3.tmp Handle ID: 1620 Operation ID: {0,1599773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B4.tmp Handle ID: 1620 Operation ID: {0,1599768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B3.tmp Handle ID: 1620 Operation ID: {0,1599762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1599709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1599641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B2.tmp Handle ID: 3932 Operation ID: {0,1599604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B1.tmp Handle ID: 3932 Operation ID: {0,1599597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B2.tmp Handle ID: 3932 Operation ID: {0,1599594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B2.tmp Handle ID: 1704 Operation ID: {0,1599577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B1.tmp Handle ID: 3932 Operation ID: {0,1599572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B1.tmp Handle ID: 3804 Operation ID: {0,1599571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B1.tmp Handle ID: 3804 Operation ID: {0,1599558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B2.tmp Handle ID: 3804 Operation ID: {0,1599557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B1.tmp Handle ID: 3804 Operation ID: {0,1599551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1599516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1599478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1599437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1599392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B0.tmp Handle ID: 3804 Operation ID: {0,1599367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AF.tmp Handle ID: 3804 Operation ID: {0,1599362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B0.tmp Handle ID: 3804 Operation ID: {0,1599359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B0.tmp Handle ID: 1620 Operation ID: {0,1599340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AF.tmp Handle ID: 3804 Operation ID: {0,1599337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AF.tmp Handle ID: 3188 Operation ID: {0,1599336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AF.tmp Handle ID: 3188 Operation ID: {0,1599323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5B0.tmp Handle ID: 3188 Operation ID: {0,1599322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AF.tmp Handle ID: 3188 Operation ID: {0,1599316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1599263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1599197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AE.tmp Handle ID: 3188 Operation ID: {0,1599158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AD.tmp Handle ID: 3188 Operation ID: {0,1599155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AE.tmp Handle ID: 3188 Operation ID: {0,1599152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AE.tmp Handle ID: 3804 Operation ID: {0,1599133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AD.tmp Handle ID: 3188 Operation ID: {0,1599130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AD.tmp Handle ID: 3180 Operation ID: {0,1599129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AD.tmp Handle ID: 3180 Operation ID: {0,1599118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AE.tmp Handle ID: 3180 Operation ID: {0,1599115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AD.tmp Handle ID: 3180 Operation ID: {0,1599109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,1599074} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,1599036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1598995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AC.tmp Handle ID: 3180 Operation ID: {0,1598954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AB.tmp Handle ID: 3180 Operation ID: {0,1598949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AC.tmp Handle ID: 3180 Operation ID: {0,1598942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AC.tmp Handle ID: 3212 Operation ID: {0,1598925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AB.tmp Handle ID: 3180 Operation ID: {0,1598920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AB.tmp Handle ID: 3196 Operation ID: {0,1598919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AB.tmp Handle ID: 3196 Operation ID: {0,1598908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AC.tmp Handle ID: 3196 Operation ID: {0,1598905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5AB.tmp Handle ID: 3196 Operation ID: {0,1598899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1598848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3248 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3248 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3248 Operation ID: {0,1598782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AA.tmp Handle ID: 3188 Operation ID: {0,1598748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A9.tmp Handle ID: 3188 Operation ID: {0,1598741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AA.tmp Handle ID: 3188 Operation ID: {0,1598734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AA.tmp Handle ID: 3180 Operation ID: {0,1598719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A9.tmp Handle ID: 3188 Operation ID: {0,1598712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A9.tmp Handle ID: 1704 Operation ID: {0,1598711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A9.tmp Handle ID: 1704 Operation ID: {0,1598687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5AA.tmp Handle ID: 1704 Operation ID: {0,1598684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A9.tmp Handle ID: 1704 Operation ID: {0,1598678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1598643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1598607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1598572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A8.tmp Handle ID: 3220 Operation ID: {0,1598180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A7.tmp Handle ID: 3220 Operation ID: {0,1598175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A8.tmp Handle ID: 3220 Operation ID: {0,1598168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A8.tmp Handle ID: 3140 Operation ID: {0,1598151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A7.tmp Handle ID: 3220 Operation ID: {0,1598146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A7.tmp Handle ID: 3212 Operation ID: {0,1598145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A7.tmp Handle ID: 3212 Operation ID: {0,1598134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A8.tmp Handle ID: 3212 Operation ID: {0,1598131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A7.tmp Handle ID: 3212 Operation ID: {0,1598125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1598072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1598006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A6.tmp Handle ID: 3140 Operation ID: {0,1597972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A5.tmp Handle ID: 3140 Operation ID: {0,1597965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A6.tmp Handle ID: 3140 Operation ID: {0,1597960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A6.tmp Handle ID: 3212 Operation ID: {0,1597943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A5.tmp Handle ID: 3140 Operation ID: {0,1597938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A5.tmp Handle ID: 3196 Operation ID: {0,1597937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A5.tmp Handle ID: 3196 Operation ID: {0,1597926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A6.tmp Handle ID: 3196 Operation ID: {0,1597923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A5.tmp Handle ID: 3196 Operation ID: {0,1597917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1597881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3212 Operation ID: {0,1597843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1597800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1704 Operation ID: {0,1597744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A4.tmp Handle ID: 3804 Operation ID: {0,1597719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A3.tmp Handle ID: 3804 Operation ID: {0,1597714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A4.tmp Handle ID: 3804 Operation ID: {0,1597711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A4.tmp Handle ID: 1704 Operation ID: {0,1597695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A3.tmp Handle ID: 3804 Operation ID: {0,1597692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A3.tmp Handle ID: 3180 Operation ID: {0,1597691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A3.tmp Handle ID: 3180 Operation ID: {0,1597682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A4.tmp Handle ID: 3180 Operation ID: {0,1597677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A3.tmp Handle ID: 3180 Operation ID: {0,1597671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,1597618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,1597555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A2.tmp Handle ID: 1704 Operation ID: {0,1597521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A1.tmp Handle ID: 1704 Operation ID: {0,1597514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A2.tmp Handle ID: 1704 Operation ID: {0,1597509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A2.tmp Handle ID: 3180 Operation ID: {0,1597491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A1.tmp Handle ID: 1704 Operation ID: {0,1597486} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A1.tmp Handle ID: 3932 Operation ID: {0,1597485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A1.tmp Handle ID: 3932 Operation ID: {0,1597474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A2.tmp Handle ID: 3932 Operation ID: {0,1597471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5A1.tmp Handle ID: 3932 Operation ID: {0,1597465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1597430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,1597394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,1597351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1620 Operation ID: {0,1597299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A0.tmp Handle ID: 3220 Operation ID: {0,1597272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59F.tmp Handle ID: 3220 Operation ID: {0,1597265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A0.tmp Handle ID: 3220 Operation ID: {0,1597260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A0.tmp Handle ID: 1620 Operation ID: {0,1597243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59F.tmp Handle ID: 3220 Operation ID: {0,1597240} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59F.tmp Handle ID: 3196 Operation ID: {0,1597239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59F.tmp Handle ID: 3196 Operation ID: {0,1597230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A0.tmp Handle ID: 3196 Operation ID: {0,1597225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59F.tmp Handle ID: 3196 Operation ID: {0,1597219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,1597166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,1597103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59E.tmp Handle ID: 3180 Operation ID: {0,1597064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59D.tmp Handle ID: 3180 Operation ID: {0,1597059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59E.tmp Handle ID: 3180 Operation ID: {0,1597052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59E.tmp Handle ID: 3220 Operation ID: {0,1597035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59D.tmp Handle ID: 3180 Operation ID: {0,1597030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59D.tmp Handle ID: 3212 Operation ID: {0,1597029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59D.tmp Handle ID: 3212 Operation ID: {0,1597018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59E.tmp Handle ID: 3212 Operation ID: {0,1597015} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59D.tmp Handle ID: 3212 Operation ID: {0,1597009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3220 Operation ID: {0,1596974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3220 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3220 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3220 Operation ID: {0,1596936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3260 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3260 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3260 Operation ID: {0,1596895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1596715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59C.tmp Handle ID: 3212 Operation ID: {0,1596688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59B.tmp Handle ID: 3212 Operation ID: {0,1596683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59C.tmp Handle ID: 3212 Operation ID: {0,1596676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59C.tmp Handle ID: 3188 Operation ID: {0,1596659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59B.tmp Handle ID: 3212 Operation ID: {0,1596654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59B.tmp Handle ID: 3932 Operation ID: {0,1596653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3932 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59B.tmp Handle ID: 3932 Operation ID: {0,1596642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59C.tmp Handle ID: 3932 Operation ID: {0,1596639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3932 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59B.tmp Handle ID: 3932 Operation ID: {0,1596633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3272 Operation ID: {0,1596579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3272 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3272 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3272 Operation ID: {0,1596516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59A.tmp Handle ID: 3188 Operation ID: {0,1596476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab599.tmp Handle ID: 3212 Operation ID: {0,1596469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59A.tmp Handle ID: 3212 Operation ID: {0,1596462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3212 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3212 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59A.tmp Handle ID: 3804 Operation ID: {0,1596445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab599.tmp Handle ID: 3212 Operation ID: {0,1596440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab599.tmp Handle ID: 3188 Operation ID: {0,1596439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab599.tmp Handle ID: 3188 Operation ID: {0,1596428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar59A.tmp Handle ID: 3188 Operation ID: {0,1596425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab599.tmp Handle ID: 3188 Operation ID: {0,1596419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,1596384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,1596346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3280 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3280 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3280 Operation ID: {0,1596305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar598.tmp Handle ID: 1704 Operation ID: {0,1596265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab597.tmp Handle ID: 1704 Operation ID: {0,1596260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar598.tmp Handle ID: 1704 Operation ID: {0,1596253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar598.tmp Handle ID: 3180 Operation ID: {0,1596238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab597.tmp Handle ID: 1704 Operation ID: {0,1596233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab597.tmp Handle ID: 1620 Operation ID: {0,1596232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1620 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab597.tmp Handle ID: 1620 Operation ID: {0,1596223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar598.tmp Handle ID: 1620 Operation ID: {0,1596218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab597.tmp Handle ID: 1620 Operation ID: {0,1596212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3112 Operation ID: {0,1596159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3284 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3284 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3284 Operation ID: {0,1596090} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar596.tmp Handle ID: 1704 Operation ID: {0,1596046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab595.tmp Handle ID: 1704 Operation ID: {0,1596041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar596.tmp Handle ID: 1704 Operation ID: {0,1596034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar596.tmp Handle ID: 3188 Operation ID: {0,1596017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab595.tmp Handle ID: 1704 Operation ID: {0,1596014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab595.tmp Handle ID: 3140 Operation ID: {0,1596011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab595.tmp Handle ID: 3140 Operation ID: {0,1596000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar596.tmp Handle ID: 3140 Operation ID: {0,1595997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab595.tmp Handle ID: 3140 Operation ID: {0,1595991} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1595956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3188 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3188 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3188 Operation ID: {0,1595918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3140 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3140 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3140 Operation ID: {0,1595842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:17 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:52:17 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:17 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3068 Operation ID: {0,1564926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 368 Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe " 4/17/2020 11:52:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 368 Object Type: Key Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 368 Operation ID: {0,1502322} Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 628 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:52:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 628 Object Type: Key Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management Handle ID: 628 Operation ID: {0,1392581} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 152 Process ID: 2588 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:52:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 152 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 152 Operation ID: {0,1392454} Process ID: 2588 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 2588 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:52:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1392362} Process ID: 2588 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 2500 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:52:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 2500 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1392106} Process ID: 2500 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4108 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:52:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4108 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job Handle ID: 4108 Operation ID: {0,1391337} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 1000 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe " 4/17/2020 11:52:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 1000 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,1390817} Process ID: 1000 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 96 Process ID: 1000 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe " 4/17/2020 11:52:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 96 Object Type: Key Process ID: 1000 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 96 Operation ID: {0,1390581} Process ID: 1000 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4108 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:52:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4108 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:52:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job Handle ID: 4108 Operation ID: {0,1390472} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:51:54 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3124 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:51:54 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3124 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:54 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3124 Operation ID: {0,1388650} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:49 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 4604 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:51:49 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 4604 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:49 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4604 Operation ID: {0,1352642} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:48 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 520 Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:51:48 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 520 Object Type: Key Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:48 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 520 Operation ID: {0,1341734} Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:48 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:51:48 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:48 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,1338726} Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:48 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:51:48 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:48 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1338659} Process ID: 3740 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 72 Process ID: 3816 Image File Name: C:\WINDOWS\system32\dumprep.exe " 4/17/2020 11:51:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 72 Object Type: Key Process ID: 3816 Image File Name: C:\WINDOWS\system32\dumprep.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 72 Operation ID: {0,1337421} Process ID: 3816 Image File Name: C:\WINDOWS\system32\dumprep.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 320 Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:51:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 320 Object Type: Key Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 320 Operation ID: {0,1336128} Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 3780 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 3780 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1334688} Process ID: 3780 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 328 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:51:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 328 Object Type: Key Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 328 Operation ID: {0,1334527} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:51:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,1333441} Process ID: 128 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,1333301} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3192 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:51:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3192 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3192 Operation ID: {0,1333166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 184 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD594.tmp Handle ID: 184 Operation ID: {0,1313287} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD594.tmp Handle ID: 184 Operation ID: {0,1313280} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 180 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x4 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteData (or AddFile) Access Mask: 0x2 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD594.tmp Handle ID: 180 Operation ID: {0,1313221} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x130196 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD594.tmp Handle ID: 184 Operation ID: {0,1313214} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD594.tmp Handle ID: 184 Operation ID: {0,1313211} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 152 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 152 Object Type: Key Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 152 Operation ID: {0,1313164} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1313072} Process ID: 3296 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:33 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13E1B2) Logon Type: 5 " 4/17/2020 11:51:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4364 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4364 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1303339} Process ID: 4364 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13E1B2) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4364 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4364 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1303278} Process ID: 4364 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13E1B2) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1112 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1112 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1112 Operation ID: {0,1303071} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:32 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13E1B2) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:32 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13E1B2) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:32 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:32 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:28 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13C44A) Logon Type: 5 " 4/17/2020 11:51:27 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:27 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:27 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1299856} Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13C44A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:27 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:27 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:27 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1299817} Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13C44A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:27 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:27 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:27 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1299473} Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13C44A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1296220} Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13C44A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1295804} Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13C44A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1295743} Process ID: 3312 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13C44A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1124 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1124 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1124 Operation ID: {0,1295541} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:26 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13C44A) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:26 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13C44A) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:26 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:26 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:22 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13A7C3) Logon Type: 5 " 4/17/2020 11:51:21 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:21 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:21 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1292553} Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13A7C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:21 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:21 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:21 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1292514} Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13A7C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:21 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:21 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:21 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1292155} Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13A7C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1288908} Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13A7C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1288499} Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13A7C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1288438} Process ID: 2952 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13A7C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1508 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1508 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1508 Operation ID: {0,1288238} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:20 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13A7C3) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:20 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13A7C3) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:20 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:20 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:19 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13A114) Logon Type: 5 " 4/17/2020 11:51:17 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1124 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:17 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1124 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:17 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1124 Operation ID: {0,1286527} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:17 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x13A114) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:17 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13A114) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:17 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:17 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:16 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1390A3) Logon Type: 5 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:14 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,1283033} Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1390A3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:14 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1282596} Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1390A3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:14 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1282535} Process ID: 4900 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1390A3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1116 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1116 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1116 Operation ID: {0,1282325} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:14 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x1390A3) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:14 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1390A3) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:14 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:14 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:13 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x137686) Logon Type: 5 " 4/17/2020 11:51:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1744 Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1744 Object Type: Key Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1744 Operation ID: {0,1280602} Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x137686) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1744 Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1744 Object Type: Key Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1744 Operation ID: {0,1280565} Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x137686) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1544 Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1544 Object Type: Key Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1544 Operation ID: {0,1280144} Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x137686) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:11 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1276872} Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x137686) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:11 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1276280} Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x137686) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:11 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1276221} Process ID: 5632 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x137686) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1536 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1536 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1536 Operation ID: {0,1275635} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:11 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x137686) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:11 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x137686) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:11 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:11 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:10 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13503E) Logon Type: 5 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1271687} Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13503E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1271539} Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13503E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1271162} Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13503E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:51:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 1604 Operation ID: {0,1269035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:51:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1268934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:08 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1266620} Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13503E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe " 4/17/2020 11:51:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,1266179} Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe " 4/17/2020 11:51:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,1266163} Process ID: 2328 Image File Name: C:\WINDOWS\system32\wbem\wmiadap.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:08 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1266125} Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13503E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:08 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1266066} Process ID: 2588 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13503E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1432 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1432 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1432 Operation ID: {0,1265834} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:08 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x13503E) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:08 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13503E) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:08 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:08 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:07 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1335C3) Logon Type: 5 " 4/17/2020 11:51:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 4824 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:51:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 4824 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,1262771} Process ID: 4824 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:05 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1259719} Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1335C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:05 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1259313} Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1335C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:05 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1259254} Process ID: 4276 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1335C3) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1292 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1292 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1292 Operation ID: {0,1259054} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x1335C3) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:05 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1335C3) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:05 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:05 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 328 Process ID: 2196 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:51:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 328 Object Type: Key Process ID: 2196 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 328 Operation ID: {0,1258883} Process ID: 2196 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 2196 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:51:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 2196 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,1257912} Process ID: 2196 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 64 Operation ID: {0,1257762} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:04 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 532 Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe " 4/17/2020 11:51:04 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 532 Object Type: Key Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:04 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 532 Operation ID: {0,1257668} Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:04 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x132294) Logon Type: 5 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:02 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1254812} Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x132294) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:02 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1254406} Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x132294) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:02 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1254347} Process ID: 4092 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x132294) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:51:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,1254147} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:02 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x132294) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:51:02 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x132294) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:51:02 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:51:02 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:51:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 136 Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe " 4/17/2020 11:51:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 136 Object Type: Key Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 136 Operation ID: {0,1252396} Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:51:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 100 Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe " 4/17/2020 11:51:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 100 Object Type: Key Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 100 Operation ID: {0,1252378} Process ID: 1640 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTgui.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:01 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13023A) Logon Type: 5 " 4/17/2020 11:51:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1250837} Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13023A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1740 Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1740 Object Type: Key Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1740 Operation ID: {0,1250800} Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13023A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:51:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:51:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:51:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1250091} Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13023A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:59 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,1246534} Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13023A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:59 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1246128} Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13023A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:59 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1246067} Process ID: 5772 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x13023A) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1108 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1108 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1108 Operation ID: {0,1245861} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:59 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x13023A) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:59 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x13023A) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:59 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:59 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:58 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12E93C) Logon Type: 5 " 4/17/2020 11:50:57 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:57 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:57 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1244206} Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12E93C) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:56 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1240276} Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12E93C) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:56 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1239853} Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12E93C) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:56 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1239794} Process ID: 4964 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12E93C) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,1239463} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:56 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x12E93C) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:56 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12E93C) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:56 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:56 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:55 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12D038) Logon Type: 5 " 4/17/2020 11:50:54 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:54 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:54 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1237369} Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12D038) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:54 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:54 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:54 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1237332} Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12D038) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:54 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:54 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:54 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1237028} Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12D038) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:53 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1233741} Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12D038) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:53 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1233321} Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12D038) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:53 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1233262} Process ID: 4704 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12D038) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1432 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:53 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1432 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1432 Operation ID: {0,1233062} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:53 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x12D038) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:53 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12D038) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:53 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:53 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:52 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12BE08) Logon Type: 5 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:50 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,1229074} Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12BE08) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:50 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1228664} Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12BE08) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:50 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1228605} Process ID: 4360 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12BE08) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1120 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1120 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1120 Operation ID: {0,1228403} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:50 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12BE08) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:50 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12BE08) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:50 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:50 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:49 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12A40E) Logon Type: 5 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:47 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1222421} Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12A40E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:47 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1222014} Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12A40E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:47 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1221955} Process ID: 2200 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x12A40E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:47 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,1221753} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:47 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x12A40E) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:47 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x12A40E) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:47 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:47 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:46 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x129D0E) Logon Type: 5 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1220709} Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x129D0E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1220301} Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x129D0E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1220242} Process ID: 1764 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x129D0E) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1432 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1432 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1432 Operation ID: {0,1219963} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:46 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x129D0E) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:46 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x129D0E) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:46 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:46 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:46 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1289FC) Logon Type: 5 " 4/17/2020 11:50:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1219001} Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1289FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:44 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,1215756} Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1289FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:44 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1215347} Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1289FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:44 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1215288} Process ID: 5244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1289FC) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1120 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1120 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1120 Operation ID: {0,1215081} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:44 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1289FC) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:44 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1289FC) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:44 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:44 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:43 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1275B1) Logon Type: 5 " 4/17/2020 11:50:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,1213893} Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1275B1) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:41 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1210557} Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1275B1) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:41 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1210149} Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1275B1) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:41 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1210088} Process ID: 1992 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x1275B1) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1108 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1108 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1108 Operation ID: {0,1209886} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:41 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1275B1) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:41 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x1275B1) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:41 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:41 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:39 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x125D14) Logon Type: 5 " 4/17/2020 11:50:39 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:39 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:39 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1207810} Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x125D14) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:39 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:39 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:39 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,1207773} Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x125D14) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:39 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1532 Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:39 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1532 Object Type: Key Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:39 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1532 Operation ID: {0,1207469} Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x125D14) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:38 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1204250} Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x125D14) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:38 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1203844} Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x125D14) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:38 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1203785} Process ID: 1668 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x125D14) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,1203585} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:38 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x125D14) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:38 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x125D14) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:38 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:38 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:37 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x11F608) Logon Type: 5 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:35 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1177868} Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11F608) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:35 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1177462} Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11F608) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:35 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1177403} Process ID: 5516 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11F608) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1432 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1432 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1432 Operation ID: {0,1177203} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:35 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x11F608) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:35 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x11F608) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:35 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:35 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:34 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x11D7DE) Logon Type: 5 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1170180} Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11D7DE) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1169774} Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11D7DE) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1169715} Process ID: 2132 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11D7DE) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1120 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1120 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1120 Operation ID: {0,1169490} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:32 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x11D7DE) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:32 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x11D7DE) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:32 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:32 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:31 AM Security Success Audit Logon/Logoff 538 AERODB\Administrator AERODB "User Logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x11CAA7) Logon Type: 5 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:29 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1166782} Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11CAA7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:29 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1166358} Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11CAA7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:29 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1166299} Process ID: 5180 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x11CAA7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 64 Operation ID: {0,1166101} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:29 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x11CAA7) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:50:29 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x11CAA7) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:50:29 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:50:29 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1160068} Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1159709} Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1159650} Process ID: 3308 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1432 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1432 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1432 Operation ID: {0,1159498} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,1156558} Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1156198} Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1156137} Process ID: 4508 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1040 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1040 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1040 Operation ID: {0,1155985} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1152584} Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1152225} Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1152166} Process ID: 5804 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1280 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1280 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1280 Operation ID: {0,1152016} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1148898} Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1148537} Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1148478} Process ID: 1196 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1292 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1292 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1292 Operation ID: {0,1148324} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,1144577} Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1144213} Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1144154} Process ID: 4776 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,1143996} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 472 Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 472 Object Type: Key Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 472 Operation ID: {0,1105041} Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1103600} Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1103521} Process ID: 2244 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1040 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1040 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1040 Operation ID: {0,1102209} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58C.tmp Handle ID: 3420 Operation ID: {0,1088786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab58B.tmp Handle ID: 3544 Operation ID: {0,1088765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58C.tmp Handle ID: 3800 Operation ID: {0,1088757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58C.tmp Handle ID: 3780 Operation ID: {0,1088721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab58B.tmp Handle ID: 3836 Operation ID: {0,1088720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab58B.tmp Handle ID: 3632 Operation ID: {0,1088717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab58B.tmp Handle ID: 3632 Operation ID: {0,1088706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58C.tmp Handle ID: 3632 Operation ID: {0,1088703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab58B.tmp Handle ID: 3632 Operation ID: {0,1088699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1088646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1088582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58A.tmp Handle ID: 3780 Operation ID: {0,1088546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab589.tmp Handle ID: 3780 Operation ID: {0,1088533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58A.tmp Handle ID: 3780 Operation ID: {0,1088530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58A.tmp Handle ID: 3632 Operation ID: {0,1088513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab589.tmp Handle ID: 3780 Operation ID: {0,1088508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab589.tmp Handle ID: 3556 Operation ID: {0,1088507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab589.tmp Handle ID: 3556 Operation ID: {0,1088496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58A.tmp Handle ID: 3556 Operation ID: {0,1088493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab589.tmp Handle ID: 3556 Operation ID: {0,1088487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1088454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1088418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1088375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1088329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar588.tmp Handle ID: 3632 Operation ID: {0,1088298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab587.tmp Handle ID: 3632 Operation ID: {0,1088289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar588.tmp Handle ID: 3632 Operation ID: {0,1088282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar588.tmp Handle ID: 2524 Operation ID: {0,1088265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab587.tmp Handle ID: 3632 Operation ID: {0,1088260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab587.tmp Handle ID: 3500 Operation ID: {0,1088259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab587.tmp Handle ID: 3500 Operation ID: {0,1088248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar588.tmp Handle ID: 3500 Operation ID: {0,1088245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab587.tmp Handle ID: 3500 Operation ID: {0,1088239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1088186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1088123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar586.tmp Handle ID: 3500 Operation ID: {0,1088086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab585.tmp Handle ID: 3500 Operation ID: {0,1088077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar586.tmp Handle ID: 3500 Operation ID: {0,1088070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar586.tmp Handle ID: 3632 Operation ID: {0,1088055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab585.tmp Handle ID: 3500 Operation ID: {0,1088048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab585.tmp Handle ID: 3536 Operation ID: {0,1088047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab585.tmp Handle ID: 3536 Operation ID: {0,1088038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar586.tmp Handle ID: 3536 Operation ID: {0,1088035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab585.tmp Handle ID: 3536 Operation ID: {0,1087896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1087861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1087823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1087780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3028 Operation ID: {0,1087733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar584.tmp Handle ID: 3536 Operation ID: {0,1087703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab583.tmp Handle ID: 3536 Operation ID: {0,1087694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar584.tmp Handle ID: 3536 Operation ID: {0,1087687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar584.tmp Handle ID: 3028 Operation ID: {0,1087668} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab583.tmp Handle ID: 3536 Operation ID: {0,1087667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab583.tmp Handle ID: 3836 Operation ID: {0,1087664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab583.tmp Handle ID: 3836 Operation ID: {0,1087655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar584.tmp Handle ID: 3836 Operation ID: {0,1087650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab583.tmp Handle ID: 3836 Operation ID: {0,1087644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1087591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1087527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar582.tmp Handle ID: 3500 Operation ID: {0,1087489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab581.tmp Handle ID: 3500 Operation ID: {0,1087480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar582.tmp Handle ID: 3500 Operation ID: {0,1087473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar582.tmp Handle ID: 3536 Operation ID: {0,1087456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab581.tmp Handle ID: 3500 Operation ID: {0,1087451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab581.tmp Handle ID: 3780 Operation ID: {0,1087450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab581.tmp Handle ID: 3780 Operation ID: {0,1087439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar582.tmp Handle ID: 3780 Operation ID: {0,1087436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab581.tmp Handle ID: 3780 Operation ID: {0,1087430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3536 Operation ID: {0,1087395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3536 Operation ID: {0,1087357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1087314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1087269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar580.tmp Handle ID: 3780 Operation ID: {0,1087240} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57F.tmp Handle ID: 3780 Operation ID: {0,1087237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar580.tmp Handle ID: 3780 Operation ID: {0,1087232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar580.tmp Handle ID: 3836 Operation ID: {0,1087219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57F.tmp Handle ID: 3780 Operation ID: {0,1087216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57F.tmp Handle ID: 2524 Operation ID: {0,1087215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57F.tmp Handle ID: 2524 Operation ID: {0,1087204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar580.tmp Handle ID: 2524 Operation ID: {0,1087203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57F.tmp Handle ID: 2524 Operation ID: {0,1087199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1087146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1087083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57E.tmp Handle ID: 3836 Operation ID: {0,1087045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57D.tmp Handle ID: 3836 Operation ID: {0,1087036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57E.tmp Handle ID: 3836 Operation ID: {0,1087029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57E.tmp Handle ID: 2524 Operation ID: {0,1087012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57D.tmp Handle ID: 3836 Operation ID: {0,1087007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57D.tmp Handle ID: 3632 Operation ID: {0,1087006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57D.tmp Handle ID: 3632 Operation ID: {0,1086995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57E.tmp Handle ID: 3632 Operation ID: {0,1086992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57D.tmp Handle ID: 3632 Operation ID: {0,1086984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1086951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1086913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1086870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57C.tmp Handle ID: 2524 Operation ID: {0,1086832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57B.tmp Handle ID: 2524 Operation ID: {0,1086823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57C.tmp Handle ID: 2524 Operation ID: {0,1086814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57C.tmp Handle ID: 3556 Operation ID: {0,1086799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57B.tmp Handle ID: 2524 Operation ID: {0,1086794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57B.tmp Handle ID: 3028 Operation ID: {0,1086793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57B.tmp Handle ID: 3028 Operation ID: {0,1086784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57C.tmp Handle ID: 3028 Operation ID: {0,1086779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57B.tmp Handle ID: 3028 Operation ID: {0,1086773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1086717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1086654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57A.tmp Handle ID: 3536 Operation ID: {0,1086616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab579.tmp Handle ID: 3536 Operation ID: {0,1086607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57A.tmp Handle ID: 3536 Operation ID: {0,1086600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57A.tmp Handle ID: 3556 Operation ID: {0,1086583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab579.tmp Handle ID: 3536 Operation ID: {0,1086578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab579.tmp Handle ID: 3780 Operation ID: {0,1086577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab579.tmp Handle ID: 3780 Operation ID: {0,1086566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar57A.tmp Handle ID: 3780 Operation ID: {0,1086563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab579.tmp Handle ID: 3780 Operation ID: {0,1086557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1086522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1086486} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1086447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar578.tmp Handle ID: 4056 Operation ID: {0,1086355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab577.tmp Handle ID: 4056 Operation ID: {0,1086352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar578.tmp Handle ID: 4056 Operation ID: {0,1086351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar578.tmp Handle ID: 3500 Operation ID: {0,1086338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab577.tmp Handle ID: 4056 Operation ID: {0,1086337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab577.tmp Handle ID: 3556 Operation ID: {0,1086336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab577.tmp Handle ID: 3556 Operation ID: {0,1086327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar578.tmp Handle ID: 3556 Operation ID: {0,1086324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab577.tmp Handle ID: 3556 Operation ID: {0,1086320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1086267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1086201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar576.tmp Handle ID: 3500 Operation ID: {0,1086163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab575.tmp Handle ID: 3500 Operation ID: {0,1086152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar576.tmp Handle ID: 3500 Operation ID: {0,1086145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar576.tmp Handle ID: 3556 Operation ID: {0,1086130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab575.tmp Handle ID: 3500 Operation ID: {0,1086123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab575.tmp Handle ID: 3028 Operation ID: {0,1086122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab575.tmp Handle ID: 3028 Operation ID: {0,1086109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar576.tmp Handle ID: 3028 Operation ID: {0,1086108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab575.tmp Handle ID: 3028 Operation ID: {0,1086102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1086067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1086029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1085986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1085941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar574.tmp Handle ID: 3556 Operation ID: {0,1085910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab573.tmp Handle ID: 3556 Operation ID: {0,1085901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar574.tmp Handle ID: 3556 Operation ID: {0,1085894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar574.tmp Handle ID: 2524 Operation ID: {0,1085877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab573.tmp Handle ID: 3556 Operation ID: {0,1085872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab573.tmp Handle ID: 3800 Operation ID: {0,1085871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab573.tmp Handle ID: 3800 Operation ID: {0,1085860} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar574.tmp Handle ID: 3800 Operation ID: {0,1085857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab573.tmp Handle ID: 3800 Operation ID: {0,1085851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1085798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,1085730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar572.tmp Handle ID: 3800 Operation ID: {0,1085693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab571.tmp Handle ID: 3800 Operation ID: {0,1085686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar572.tmp Handle ID: 3800 Operation ID: {0,1085679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar572.tmp Handle ID: 4056 Operation ID: {0,1085662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab571.tmp Handle ID: 3800 Operation ID: {0,1085657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab571.tmp Handle ID: 3556 Operation ID: {0,1085656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab571.tmp Handle ID: 3556 Operation ID: {0,1085645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar572.tmp Handle ID: 3556 Operation ID: {0,1085642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab571.tmp Handle ID: 3556 Operation ID: {0,1085636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1085601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1085563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1085520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3028 Operation ID: {0,1085475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar570.tmp Handle ID: 4056 Operation ID: {0,1085446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56F.tmp Handle ID: 4056 Operation ID: {0,1085437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar570.tmp Handle ID: 4056 Operation ID: {0,1085430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar570.tmp Handle ID: 3028 Operation ID: {0,1085415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56F.tmp Handle ID: 4056 Operation ID: {0,1085408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56F.tmp Handle ID: 3836 Operation ID: {0,1085407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56F.tmp Handle ID: 3836 Operation ID: {0,1085398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar570.tmp Handle ID: 3836 Operation ID: {0,1085391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56F.tmp Handle ID: 3836 Operation ID: {0,1085387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1085334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1085270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56E.tmp Handle ID: 3556 Operation ID: {0,1085232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56D.tmp Handle ID: 3556 Operation ID: {0,1085223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56E.tmp Handle ID: 3556 Operation ID: {0,1085216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56E.tmp Handle ID: 4056 Operation ID: {0,1085201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56D.tmp Handle ID: 3556 Operation ID: {0,1085198} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56D.tmp Handle ID: 2524 Operation ID: {0,1085197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56D.tmp Handle ID: 2524 Operation ID: {0,1085188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56E.tmp Handle ID: 2524 Operation ID: {0,1085183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56D.tmp Handle ID: 2524 Operation ID: {0,1085177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1085142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1085104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1085061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1085014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56C.tmp Handle ID: 2524 Operation ID: {0,1084983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56B.tmp Handle ID: 2524 Operation ID: {0,1084974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56C.tmp Handle ID: 2524 Operation ID: {0,1084965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56C.tmp Handle ID: 3836 Operation ID: {0,1084956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56B.tmp Handle ID: 2524 Operation ID: {0,1084951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56B.tmp Handle ID: 3632 Operation ID: {0,1084950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56B.tmp Handle ID: 3632 Operation ID: {0,1084939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56C.tmp Handle ID: 3632 Operation ID: {0,1084936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab56B.tmp Handle ID: 3632 Operation ID: {0,1084930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1084877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1084816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56A.tmp Handle ID: 3632 Operation ID: {0,1084780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab569.tmp Handle ID: 3632 Operation ID: {0,1084771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56A.tmp Handle ID: 3632 Operation ID: {0,1084764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56A.tmp Handle ID: 2524 Operation ID: {0,1084747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab569.tmp Handle ID: 3632 Operation ID: {0,1084742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab569.tmp Handle ID: 3800 Operation ID: {0,1084741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab569.tmp Handle ID: 3800 Operation ID: {0,1084730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56A.tmp Handle ID: 3800 Operation ID: {0,1084727} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab569.tmp Handle ID: 3800 Operation ID: {0,1084721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1084686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1084648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1084605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar568.tmp Handle ID: 3028 Operation ID: {0,1084567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab567.tmp Handle ID: 3028 Operation ID: {0,1084558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar568.tmp Handle ID: 3028 Operation ID: {0,1084549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar568.tmp Handle ID: 3864 Operation ID: {0,1084536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab567.tmp Handle ID: 3028 Operation ID: {0,1084529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab567.tmp Handle ID: 3800 Operation ID: {0,1084528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab567.tmp Handle ID: 3800 Operation ID: {0,1084519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar568.tmp Handle ID: 3800 Operation ID: {0,1084514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab567.tmp Handle ID: 3800 Operation ID: {0,1084508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1084455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,1084392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar566.tmp Handle ID: 3632 Operation ID: {0,1084354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab565.tmp Handle ID: 3632 Operation ID: {0,1084341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar566.tmp Handle ID: 3632 Operation ID: {0,1084338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar566.tmp Handle ID: 3028 Operation ID: {0,1084321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab565.tmp Handle ID: 3632 Operation ID: {0,1084316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab565.tmp Handle ID: 4056 Operation ID: {0,1084315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab565.tmp Handle ID: 4056 Operation ID: {0,1084304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar566.tmp Handle ID: 4056 Operation ID: {0,1084301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab565.tmp Handle ID: 4056 Operation ID: {0,1084295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3028 Operation ID: {0,1084260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3028 Operation ID: {0,1084222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3028 Operation ID: {0,1084181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar564.tmp Handle ID: 3848 Operation ID: {0,1084013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab563.tmp Handle ID: 3848 Operation ID: {0,1084006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar564.tmp Handle ID: 3848 Operation ID: {0,1084001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar564.tmp Handle ID: 3836 Operation ID: {0,1083986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab563.tmp Handle ID: 3848 Operation ID: {0,1083981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab563.tmp Handle ID: 3844 Operation ID: {0,1083980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab563.tmp Handle ID: 3844 Operation ID: {0,1083967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar564.tmp Handle ID: 3844 Operation ID: {0,1083966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab563.tmp Handle ID: 3844 Operation ID: {0,1083962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1083909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1083846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar562.tmp Handle ID: 4056 Operation ID: {0,1083808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab561.tmp Handle ID: 4056 Operation ID: {0,1083795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar562.tmp Handle ID: 4056 Operation ID: {0,1083792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar562.tmp Handle ID: 3848 Operation ID: {0,1083775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab561.tmp Handle ID: 4056 Operation ID: {0,1083770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab561.tmp Handle ID: 3632 Operation ID: {0,1083769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab561.tmp Handle ID: 3632 Operation ID: {0,1083758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar562.tmp Handle ID: 3632 Operation ID: {0,1083755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab561.tmp Handle ID: 3632 Operation ID: {0,1083748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3848 Operation ID: {0,1083713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3848 Operation ID: {0,1083675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1083634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,1083589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar560.tmp Handle ID: 3632 Operation ID: {0,1083560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55F.tmp Handle ID: 3632 Operation ID: {0,1083551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar560.tmp Handle ID: 3632 Operation ID: {0,1083544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar560.tmp Handle ID: 3844 Operation ID: {0,1083527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55F.tmp Handle ID: 3632 Operation ID: {0,1083522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55F.tmp Handle ID: 3868 Operation ID: {0,1083521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55F.tmp Handle ID: 3868 Operation ID: {0,1083510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar560.tmp Handle ID: 3868 Operation ID: {0,1083507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55F.tmp Handle ID: 3868 Operation ID: {0,1083501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1083448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1083382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55E.tmp Handle ID: 3868 Operation ID: {0,1083342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55D.tmp Handle ID: 3868 Operation ID: {0,1083329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55E.tmp Handle ID: 3868 Operation ID: {0,1083324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55E.tmp Handle ID: 3632 Operation ID: {0,1083305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55D.tmp Handle ID: 3868 Operation ID: {0,1083302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55D.tmp Handle ID: 1780 Operation ID: {0,1083301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55D.tmp Handle ID: 1780 Operation ID: {0,1083292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55E.tmp Handle ID: 1780 Operation ID: {0,1083287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55D.tmp Handle ID: 1780 Operation ID: {0,1083281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1083246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1083208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1083164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1083119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55C.tmp Handle ID: 3632 Operation ID: {0,1083090} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55B.tmp Handle ID: 3632 Operation ID: {0,1083081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55C.tmp Handle ID: 3632 Operation ID: {0,1083074} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55C.tmp Handle ID: 3544 Operation ID: {0,1083057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55B.tmp Handle ID: 3632 Operation ID: {0,1083052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55B.tmp Handle ID: 3836 Operation ID: {0,1083051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55B.tmp Handle ID: 3836 Operation ID: {0,1083040} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55C.tmp Handle ID: 3836 Operation ID: {0,1083037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55B.tmp Handle ID: 3836 Operation ID: {0,1083031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55A.tmp Handle ID: 3836 Operation ID: {0,1082875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab559.tmp Handle ID: 3836 Operation ID: {0,1082866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55A.tmp Handle ID: 3836 Operation ID: {0,1082859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55A.tmp Handle ID: 3632 Operation ID: {0,1082842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab559.tmp Handle ID: 3836 Operation ID: {0,1082837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab559.tmp Handle ID: 3848 Operation ID: {0,1082836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab559.tmp Handle ID: 3848 Operation ID: {0,1082825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar55A.tmp Handle ID: 3848 Operation ID: {0,1082822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab559.tmp Handle ID: 3848 Operation ID: {0,1082816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1082781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1082743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3028 Operation ID: {0,1082655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar558.tmp Handle ID: 3848 Operation ID: {0,1082626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab557.tmp Handle ID: 3848 Operation ID: {0,1082615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar558.tmp Handle ID: 3848 Operation ID: {0,1082608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar558.tmp Handle ID: 3028 Operation ID: {0,1082595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab557.tmp Handle ID: 3848 Operation ID: {0,1082588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab557.tmp Handle ID: 3844 Operation ID: {0,1082587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab557.tmp Handle ID: 3844 Operation ID: {0,1082578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar558.tmp Handle ID: 3844 Operation ID: {0,1082571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab557.tmp Handle ID: 3844 Operation ID: {0,1082567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar556.tmp Handle ID: 3844 Operation ID: {0,1082413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab555.tmp Handle ID: 3844 Operation ID: {0,1082404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar556.tmp Handle ID: 3844 Operation ID: {0,1082397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar556.tmp Handle ID: 3848 Operation ID: {0,1082380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab555.tmp Handle ID: 3844 Operation ID: {0,1082375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab555.tmp Handle ID: 3868 Operation ID: {0,1082374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab555.tmp Handle ID: 3868 Operation ID: {0,1082363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar556.tmp Handle ID: 3868 Operation ID: {0,1082360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab555.tmp Handle ID: 3868 Operation ID: {0,1082354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3848 Operation ID: {0,1082315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3848 Operation ID: {0,1082277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar554.tmp Handle ID: 3868 Operation ID: {0,1082196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab553.tmp Handle ID: 3868 Operation ID: {0,1082187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar554.tmp Handle ID: 3868 Operation ID: {0,1082178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar554.tmp Handle ID: 4056 Operation ID: {0,1082165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab553.tmp Handle ID: 3868 Operation ID: {0,1082158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab553.tmp Handle ID: 3544 Operation ID: {0,1082157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab553.tmp Handle ID: 3544 Operation ID: {0,1082148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar554.tmp Handle ID: 3544 Operation ID: {0,1082141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab553.tmp Handle ID: 3544 Operation ID: {0,1082137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,1082019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar552.tmp Handle ID: 3632 Operation ID: {0,1081981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab551.tmp Handle ID: 3632 Operation ID: {0,1081972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar552.tmp Handle ID: 3632 Operation ID: {0,1081965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar552.tmp Handle ID: 3028 Operation ID: {0,1081948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab551.tmp Handle ID: 3632 Operation ID: {0,1081943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab551.tmp Handle ID: 3544 Operation ID: {0,1081942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab551.tmp Handle ID: 3544 Operation ID: {0,1081931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar552.tmp Handle ID: 3544 Operation ID: {0,1081928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab551.tmp Handle ID: 1780 Operation ID: {0,1081919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1081886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1081852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1081811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1079032} Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1078667} Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1078604} Process ID: 1872 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1536 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1536 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1536 Operation ID: {0,1078450} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1073402} Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1073025} Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1072962} Process ID: 4732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1532 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1532 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1532 Operation ID: {0,1072808} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar550.tmp Handle ID: 1780 Operation ID: {0,1072637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54F.tmp Handle ID: 1780 Operation ID: {0,1072628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar550.tmp Handle ID: 1780 Operation ID: {0,1072623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar550.tmp Handle ID: 3420 Operation ID: {0,1072604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54F.tmp Handle ID: 1780 Operation ID: {0,1072601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54F.tmp Handle ID: 3632 Operation ID: {0,1072600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54F.tmp Handle ID: 3632 Operation ID: {0,1072591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar550.tmp Handle ID: 3632 Operation ID: {0,1072586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54F.tmp Handle ID: 3632 Operation ID: {0,1072580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1072527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1072453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54E.tmp Handle ID: 3420 Operation ID: {0,1072415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54D.tmp Handle ID: 3844 Operation ID: {0,1072403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54E.tmp Handle ID: 3844 Operation ID: {0,1072396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54E.tmp Handle ID: 3632 Operation ID: {0,1072379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54D.tmp Handle ID: 3844 Operation ID: {0,1072374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54D.tmp Handle ID: 3420 Operation ID: {0,1072373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54D.tmp Handle ID: 3420 Operation ID: {0,1072364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54E.tmp Handle ID: 3420 Operation ID: {0,1072359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54D.tmp Handle ID: 3420 Operation ID: {0,1072351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1072322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1072284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1072241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1072187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54C.tmp Handle ID: 3632 Operation ID: {0,1072156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54B.tmp Handle ID: 3632 Operation ID: {0,1072147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54C.tmp Handle ID: 3632 Operation ID: {0,1072140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54C.tmp Handle ID: 3744 Operation ID: {0,1072123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54B.tmp Handle ID: 3632 Operation ID: {0,1072118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54B.tmp Handle ID: 3780 Operation ID: {0,1072117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54B.tmp Handle ID: 3780 Operation ID: {0,1072106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54C.tmp Handle ID: 3780 Operation ID: {0,1072103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab54B.tmp Handle ID: 3780 Operation ID: {0,1072097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1072044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54A.tmp Handle ID: 3420 Operation ID: {0,1071940} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab549.tmp Handle ID: 3420 Operation ID: {0,1071931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54A.tmp Handle ID: 3420 Operation ID: {0,1071924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54A.tmp Handle ID: 3632 Operation ID: {0,1071909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab549.tmp Handle ID: 3420 Operation ID: {0,1071902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab549.tmp Handle ID: 2524 Operation ID: {0,1071901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab549.tmp Handle ID: 2524 Operation ID: {0,1071892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54A.tmp Handle ID: 2524 Operation ID: {0,1071885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab549.tmp Handle ID: 2524 Operation ID: {0,1071881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1071846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1071808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1071715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar548.tmp Handle ID: 2524 Operation ID: {0,1071686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab547.tmp Handle ID: 2524 Operation ID: {0,1071675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar548.tmp Handle ID: 2524 Operation ID: {0,1071670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar548.tmp Handle ID: 3780 Operation ID: {0,1071657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab547.tmp Handle ID: 2524 Operation ID: {0,1071652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab547.tmp Handle ID: 1780 Operation ID: {0,1071651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab547.tmp Handle ID: 1780 Operation ID: {0,1071640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar548.tmp Handle ID: 1780 Operation ID: {0,1071637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab547.tmp Handle ID: 1780 Operation ID: {0,1071631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar546.tmp Handle ID: 1780 Operation ID: {0,1071478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab545.tmp Handle ID: 1780 Operation ID: {0,1071471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar546.tmp Handle ID: 1780 Operation ID: {0,1071468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar546.tmp Handle ID: 2524 Operation ID: {0,1071453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab545.tmp Handle ID: 1780 Operation ID: {0,1071450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab545.tmp Handle ID: 3844 Operation ID: {0,1071449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab545.tmp Handle ID: 3844 Operation ID: {0,1071438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar546.tmp Handle ID: 3844 Operation ID: {0,1071437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab545.tmp Handle ID: 3844 Operation ID: {0,1071431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1071396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1071358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1071270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar544.tmp Handle ID: 2524 Operation ID: {0,1071241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab543.tmp Handle ID: 2524 Operation ID: {0,1071230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar544.tmp Handle ID: 2524 Operation ID: {0,1071223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar544.tmp Handle ID: 3864 Operation ID: {0,1071208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab543.tmp Handle ID: 2524 Operation ID: {0,1071203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab543.tmp Handle ID: 3744 Operation ID: {0,1071202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab543.tmp Handle ID: 3744 Operation ID: {0,1071193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar544.tmp Handle ID: 3744 Operation ID: {0,1071186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab543.tmp Handle ID: 3744 Operation ID: {0,1071182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1071057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar542.tmp Handle ID: 3844 Operation ID: {0,1071019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab541.tmp Handle ID: 3844 Operation ID: {0,1071010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar542.tmp Handle ID: 3844 Operation ID: {0,1071003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar542.tmp Handle ID: 2524 Operation ID: {0,1070986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab541.tmp Handle ID: 3844 Operation ID: {0,1070981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab541.tmp Handle ID: 3632 Operation ID: {0,1070980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab541.tmp Handle ID: 3632 Operation ID: {0,1070969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar542.tmp Handle ID: 3632 Operation ID: {0,1070966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab541.tmp Handle ID: 3632 Operation ID: {0,1070960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1070925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1070887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1070844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar540.tmp Handle ID: 3632 Operation ID: {0,1070808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53F.tmp Handle ID: 3632 Operation ID: {0,1070797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar540.tmp Handle ID: 3632 Operation ID: {0,1070790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar540.tmp Handle ID: 3744 Operation ID: {0,1070771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53F.tmp Handle ID: 3632 Operation ID: {0,1070768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53F.tmp Handle ID: 3780 Operation ID: {0,1070767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53F.tmp Handle ID: 3780 Operation ID: {0,1070758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar540.tmp Handle ID: 3780 Operation ID: {0,1070753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53F.tmp Handle ID: 3780 Operation ID: {0,1070747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1070694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1070622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53E.tmp Handle ID: 1780 Operation ID: {0,1070582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53D.tmp Handle ID: 1780 Operation ID: {0,1070569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53E.tmp Handle ID: 1780 Operation ID: {0,1070566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53E.tmp Handle ID: 3632 Operation ID: {0,1070549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53D.tmp Handle ID: 1780 Operation ID: {0,1070544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53D.tmp Handle ID: 3780 Operation ID: {0,1070543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53D.tmp Handle ID: 3780 Operation ID: {0,1070532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53E.tmp Handle ID: 3780 Operation ID: {0,1070529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53D.tmp Handle ID: 3780 Operation ID: {0,1070523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1070488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1070450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1070409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53C.tmp Handle ID: 3544 Operation ID: {0,1070319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53B.tmp Handle ID: 3544 Operation ID: {0,1070314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53C.tmp Handle ID: 3544 Operation ID: {0,1070311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53C.tmp Handle ID: 3632 Operation ID: {0,1070298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53B.tmp Handle ID: 3544 Operation ID: {0,1070295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53B.tmp Handle ID: 3800 Operation ID: {0,1070294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53B.tmp Handle ID: 3800 Operation ID: {0,1070285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53C.tmp Handle ID: 3800 Operation ID: {0,1070284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53B.tmp Handle ID: 3800 Operation ID: {0,1070280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1070227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1070164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53A.tmp Handle ID: 3420 Operation ID: {0,1070125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab539.tmp Handle ID: 3420 Operation ID: {0,1070116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53A.tmp Handle ID: 3420 Operation ID: {0,1070109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53A.tmp Handle ID: 3544 Operation ID: {0,1070092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab539.tmp Handle ID: 3420 Operation ID: {0,1070087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab539.tmp Handle ID: 3868 Operation ID: {0,1070086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab539.tmp Handle ID: 3868 Operation ID: {0,1070075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar53A.tmp Handle ID: 3868 Operation ID: {0,1070072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab539.tmp Handle ID: 3868 Operation ID: {0,1070066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1070031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1069993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1069905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar538.tmp Handle ID: 3868 Operation ID: {0,1069878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab537.tmp Handle ID: 3868 Operation ID: {0,1069871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar538.tmp Handle ID: 3868 Operation ID: {0,1069864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar538.tmp Handle ID: 3800 Operation ID: {0,1069850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab537.tmp Handle ID: 3868 Operation ID: {0,1069844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab537.tmp Handle ID: 2524 Operation ID: {0,1069843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab537.tmp Handle ID: 2524 Operation ID: {0,1069834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar538.tmp Handle ID: 2524 Operation ID: {0,1069827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab537.tmp Handle ID: 2524 Operation ID: {0,1069823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar536.tmp Handle ID: 3800 Operation ID: {0,1069664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab535.tmp Handle ID: 3800 Operation ID: {0,1069655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar536.tmp Handle ID: 3800 Operation ID: {0,1069648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar536.tmp Handle ID: 2524 Operation ID: {0,1069631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab535.tmp Handle ID: 3800 Operation ID: {0,1069626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab535.tmp Handle ID: 3844 Operation ID: {0,1069625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab535.tmp Handle ID: 3844 Operation ID: {0,1069614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar536.tmp Handle ID: 3844 Operation ID: {0,1069611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab535.tmp Handle ID: 3844 Operation ID: {0,1069605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1069570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1069532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1069438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar534.tmp Handle ID: 3844 Operation ID: {0,1069409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab533.tmp Handle ID: 3844 Operation ID: {0,1069400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar534.tmp Handle ID: 3844 Operation ID: {0,1069393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar534.tmp Handle ID: 3744 Operation ID: {0,1069378} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab533.tmp Handle ID: 3844 Operation ID: {0,1069373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab533.tmp Handle ID: 3632 Operation ID: {0,1069370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab533.tmp Handle ID: 3632 Operation ID: {0,1069361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar534.tmp Handle ID: 3632 Operation ID: {0,1069354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab533.tmp Handle ID: 3632 Operation ID: {0,1069350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar532.tmp Handle ID: 3632 Operation ID: {0,1069196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab531.tmp Handle ID: 3632 Operation ID: {0,1069187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar532.tmp Handle ID: 3632 Operation ID: {0,1069180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar532.tmp Handle ID: 3844 Operation ID: {0,1069163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab531.tmp Handle ID: 3632 Operation ID: {0,1069158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab531.tmp Handle ID: 3544 Operation ID: {0,1069157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab531.tmp Handle ID: 3544 Operation ID: {0,1069146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar532.tmp Handle ID: 3544 Operation ID: {0,1069143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab531.tmp Handle ID: 3544 Operation ID: {0,1069137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,1069102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3844 Operation ID: {0,1069064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1069023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1068978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar530.tmp Handle ID: 3544 Operation ID: {0,1068949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52F.tmp Handle ID: 3544 Operation ID: {0,1068938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar530.tmp Handle ID: 3544 Operation ID: {0,1068929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar530.tmp Handle ID: 3864 Operation ID: {0,1068916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52F.tmp Handle ID: 3544 Operation ID: {0,1068909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52F.tmp Handle ID: 3868 Operation ID: {0,1068908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52F.tmp Handle ID: 3868 Operation ID: {0,1068899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar530.tmp Handle ID: 3868 Operation ID: {0,1068892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52F.tmp Handle ID: 3868 Operation ID: {0,1068888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1068835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1068768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52E.tmp Handle ID: 3864 Operation ID: {0,1068730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52D.tmp Handle ID: 3864 Operation ID: {0,1068721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52E.tmp Handle ID: 3864 Operation ID: {0,1068714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52E.tmp Handle ID: 3868 Operation ID: {0,1068697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52D.tmp Handle ID: 3864 Operation ID: {0,1068692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52D.tmp Handle ID: 2524 Operation ID: {0,1068691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52D.tmp Handle ID: 2524 Operation ID: {0,1068680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52E.tmp Handle ID: 2524 Operation ID: {0,1068677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52D.tmp Handle ID: 2524 Operation ID: {0,1068671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1068627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1068531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1068476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52C.tmp Handle ID: 4056 Operation ID: {0,1068440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52B.tmp Handle ID: 4056 Operation ID: {0,1068431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52C.tmp Handle ID: 4056 Operation ID: {0,1068422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52C.tmp Handle ID: 3028 Operation ID: {0,1068409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52B.tmp Handle ID: 4056 Operation ID: {0,1068402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52B.tmp Handle ID: 4020 Operation ID: {0,1068401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52B.tmp Handle ID: 4020 Operation ID: {0,1068392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52C.tmp Handle ID: 4020 Operation ID: {0,1068385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab52B.tmp Handle ID: 4020 Operation ID: {0,1068381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1068328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1068265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52A.tmp Handle ID: 4008 Operation ID: {0,1068222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab529.tmp Handle ID: 4008 Operation ID: {0,1068209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52A.tmp Handle ID: 4008 Operation ID: {0,1068204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52A.tmp Handle ID: 4056 Operation ID: {0,1068187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab529.tmp Handle ID: 4008 Operation ID: {0,1068182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab529.tmp Handle ID: 3632 Operation ID: {0,1068181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab529.tmp Handle ID: 3632 Operation ID: {0,1068170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52A.tmp Handle ID: 3632 Operation ID: {0,1068167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab529.tmp Handle ID: 3632 Operation ID: {0,1068153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1068118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1068080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1068039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar528.tmp Handle ID: 3780 Operation ID: {0,1067946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab527.tmp Handle ID: 3780 Operation ID: {0,1067939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar528.tmp Handle ID: 3780 Operation ID: {0,1067936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar528.tmp Handle ID: 4056 Operation ID: {0,1067919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab527.tmp Handle ID: 3780 Operation ID: {0,1067914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab527.tmp Handle ID: 1780 Operation ID: {0,1067913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab527.tmp Handle ID: 1780 Operation ID: {0,1067902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar528.tmp Handle ID: 1780 Operation ID: {0,1067899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab527.tmp Handle ID: 1780 Operation ID: {0,1067893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1067840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1067777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar526.tmp Handle ID: 4056 Operation ID: {0,1067741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab525.tmp Handle ID: 4056 Operation ID: {0,1067732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar526.tmp Handle ID: 4056 Operation ID: {0,1067725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar526.tmp Handle ID: 1780 Operation ID: {0,1067710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab525.tmp Handle ID: 4056 Operation ID: {0,1067703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab525.tmp Handle ID: 3844 Operation ID: {0,1067702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab525.tmp Handle ID: 3844 Operation ID: {0,1067693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar526.tmp Handle ID: 3844 Operation ID: {0,1067686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab525.tmp Handle ID: 3844 Operation ID: {0,1067682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1780 Operation ID: {0,1067647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1780 Operation ID: {0,1067609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1067566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1067523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar524.tmp Handle ID: 1780 Operation ID: {0,1067494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab523.tmp Handle ID: 1780 Operation ID: {0,1067485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar524.tmp Handle ID: 1780 Operation ID: {0,1067478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar524.tmp Handle ID: 3544 Operation ID: {0,1067463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab523.tmp Handle ID: 1780 Operation ID: {0,1067456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab523.tmp Handle ID: 3660 Operation ID: {0,1067455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab523.tmp Handle ID: 3660 Operation ID: {0,1067446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar524.tmp Handle ID: 3660 Operation ID: {0,1067439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab523.tmp Handle ID: 3660 Operation ID: {0,1067435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1067381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1067318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar522.tmp Handle ID: 3844 Operation ID: {0,1067280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab521.tmp Handle ID: 3844 Operation ID: {0,1067267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar522.tmp Handle ID: 3844 Operation ID: {0,1067264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar522.tmp Handle ID: 1780 Operation ID: {0,1067247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab521.tmp Handle ID: 3844 Operation ID: {0,1067242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab521.tmp Handle ID: 3500 Operation ID: {0,1067241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab521.tmp Handle ID: 3500 Operation ID: {0,1067230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar522.tmp Handle ID: 3500 Operation ID: {0,1067227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab521.tmp Handle ID: 3500 Operation ID: {0,1067221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1780 Operation ID: {0,1067186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1780 Operation ID: {0,1067148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1067105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,1067060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar520.tmp Handle ID: 3500 Operation ID: {0,1067031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51F.tmp Handle ID: 3500 Operation ID: {0,1067028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar520.tmp Handle ID: 3500 Operation ID: {0,1067025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar520.tmp Handle ID: 3660 Operation ID: {0,1067010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51F.tmp Handle ID: 3500 Operation ID: {0,1067007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51F.tmp Handle ID: 3780 Operation ID: {0,1067006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51F.tmp Handle ID: 3780 Operation ID: {0,1066995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar520.tmp Handle ID: 3780 Operation ID: {0,1066994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51F.tmp Handle ID: 3780 Operation ID: {0,1066990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51E.tmp Handle ID: 3780 Operation ID: {0,1066836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51D.tmp Handle ID: 3780 Operation ID: {0,1066823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51E.tmp Handle ID: 3780 Operation ID: {0,1066820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51E.tmp Handle ID: 3500 Operation ID: {0,1066803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51D.tmp Handle ID: 3780 Operation ID: {0,1066798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51D.tmp Handle ID: 4056 Operation ID: {0,1066797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51D.tmp Handle ID: 4056 Operation ID: {0,1066786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51E.tmp Handle ID: 4056 Operation ID: {0,1066783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51D.tmp Handle ID: 4056 Operation ID: {0,1066777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,1066741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,1066705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1066614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51C.tmp Handle ID: 3500 Operation ID: {0,1066583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51B.tmp Handle ID: 3500 Operation ID: {0,1066574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51C.tmp Handle ID: 3500 Operation ID: {0,1066567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51C.tmp Handle ID: 4020 Operation ID: {0,1066550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51B.tmp Handle ID: 3500 Operation ID: {0,1066545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51B.tmp Handle ID: 3544 Operation ID: {0,1066544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51B.tmp Handle ID: 3544 Operation ID: {0,1066533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51C.tmp Handle ID: 3544 Operation ID: {0,1066530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51B.tmp Handle ID: 3544 Operation ID: {0,1066524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51A.tmp Handle ID: 4056 Operation ID: {0,1066363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab519.tmp Handle ID: 4056 Operation ID: {0,1066354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51A.tmp Handle ID: 4056 Operation ID: {0,1066347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51A.tmp Handle ID: 3500 Operation ID: {0,1066332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab519.tmp Handle ID: 4056 Operation ID: {0,1066325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab519.tmp Handle ID: 1780 Operation ID: {0,1066324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab519.tmp Handle ID: 1780 Operation ID: {0,1066315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar51A.tmp Handle ID: 1780 Operation ID: {0,1066308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab519.tmp Handle ID: 1780 Operation ID: {0,1066304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,1066269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,1066231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar518.tmp Handle ID: 1780 Operation ID: {0,1066150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab517.tmp Handle ID: 1780 Operation ID: {0,1066141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar518.tmp Handle ID: 1780 Operation ID: {0,1066134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar518.tmp Handle ID: 3544 Operation ID: {0,1066115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab517.tmp Handle ID: 1780 Operation ID: {0,1066112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab517.tmp Handle ID: 3660 Operation ID: {0,1066111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab517.tmp Handle ID: 3660 Operation ID: {0,1066100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar518.tmp Handle ID: 3660 Operation ID: {0,1066097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab517.tmp Handle ID: 3660 Operation ID: {0,1066091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1066038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,1065974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar516.tmp Handle ID: 3768 Operation ID: {0,1065938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab515.tmp Handle ID: 3768 Operation ID: {0,1065929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar516.tmp Handle ID: 3768 Operation ID: {0,1065922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar516.tmp Handle ID: 3544 Operation ID: {0,1065905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab515.tmp Handle ID: 3768 Operation ID: {0,1065900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab515.tmp Handle ID: 4080 Operation ID: {0,1065899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab515.tmp Handle ID: 4080 Operation ID: {0,1065888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar516.tmp Handle ID: 4080 Operation ID: {0,1065885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab515.tmp Handle ID: 4080 Operation ID: {0,1065879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1065844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1065806} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1065765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1062132} Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1061764} Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1061703} Process ID: 4576 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1536 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1536 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1536 Operation ID: {0,1061521} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1057045} Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1056565} Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:50:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:50:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1056484} Process ID: 4424 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,1056483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1148 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:50:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1148 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:50:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1148 Operation ID: {0,1056259} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1050550} Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1050186} Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1050124} Process ID: 5316 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1536 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1536 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1536 Operation ID: {0,1049970} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:54 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1048495} Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:54 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1048130} Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:54 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1048067} Process ID: 2448 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1532 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:54 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1532 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:54 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1532 Operation ID: {0,1047906} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar514.tmp Handle ID: 4080 Operation ID: {0,1044302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab513.tmp Handle ID: 4080 Operation ID: {0,1044297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar514.tmp Handle ID: 4080 Operation ID: {0,1044292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar514.tmp Handle ID: 4008 Operation ID: {0,1044279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab513.tmp Handle ID: 4080 Operation ID: {0,1044276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab513.tmp Handle ID: 3768 Operation ID: {0,1044275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab513.tmp Handle ID: 3768 Operation ID: {0,1044264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar514.tmp Handle ID: 3768 Operation ID: {0,1044263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab513.tmp Handle ID: 3768 Operation ID: {0,1044259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1044206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1044135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar512.tmp Handle ID: 3744 Operation ID: {0,1044097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab511.tmp Handle ID: 3744 Operation ID: {0,1044088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar512.tmp Handle ID: 3744 Operation ID: {0,1044081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar512.tmp Handle ID: 4080 Operation ID: {0,1044064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab511.tmp Handle ID: 3744 Operation ID: {0,1044059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab511.tmp Handle ID: 3892 Operation ID: {0,1044058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab511.tmp Handle ID: 3892 Operation ID: {0,1044047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar512.tmp Handle ID: 3892 Operation ID: {0,1044044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab511.tmp Handle ID: 3892 Operation ID: {0,1044038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1044003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1043965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1043922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,1043877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar510.tmp Handle ID: 3892 Operation ID: {0,1043846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50F.tmp Handle ID: 3892 Operation ID: {0,1043837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar510.tmp Handle ID: 3892 Operation ID: {0,1043830} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar510.tmp Handle ID: 3768 Operation ID: {0,1043815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50F.tmp Handle ID: 3892 Operation ID: {0,1043808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50F.tmp Handle ID: 3800 Operation ID: {0,1043807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50F.tmp Handle ID: 3800 Operation ID: {0,1043798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar510.tmp Handle ID: 3800 Operation ID: {0,1043793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50F.tmp Handle ID: 3800 Operation ID: {0,1043787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1043734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1043666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50E.tmp Handle ID: 3768 Operation ID: {0,1043627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50D.tmp Handle ID: 3768 Operation ID: {0,1043618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50E.tmp Handle ID: 3768 Operation ID: {0,1043611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50E.tmp Handle ID: 3800 Operation ID: {0,1043594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50D.tmp Handle ID: 3768 Operation ID: {0,1043589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50D.tmp Handle ID: 3836 Operation ID: {0,1043588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50D.tmp Handle ID: 3836 Operation ID: {0,1043576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50E.tmp Handle ID: 3836 Operation ID: {0,1043574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50D.tmp Handle ID: 3836 Operation ID: {0,1043568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1043533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1043495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1043452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1043404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50C.tmp Handle ID: 3836 Operation ID: {0,1043375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50B.tmp Handle ID: 3836 Operation ID: {0,1043366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50C.tmp Handle ID: 3836 Operation ID: {0,1043357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50C.tmp Handle ID: 4056 Operation ID: {0,1043343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50B.tmp Handle ID: 3836 Operation ID: {0,1043337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50B.tmp Handle ID: 4008 Operation ID: {0,1043336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50B.tmp Handle ID: 4008 Operation ID: {0,1043327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50C.tmp Handle ID: 4008 Operation ID: {0,1043320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab50B.tmp Handle ID: 4008 Operation ID: {0,1043316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1043263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1043200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50A.tmp Handle ID: 4056 Operation ID: {0,1043162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab509.tmp Handle ID: 4056 Operation ID: {0,1043153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50A.tmp Handle ID: 4056 Operation ID: {0,1043146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50A.tmp Handle ID: 4008 Operation ID: {0,1043129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab509.tmp Handle ID: 4056 Operation ID: {0,1043124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab509.tmp Handle ID: 4080 Operation ID: {0,1043123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab509.tmp Handle ID: 4080 Operation ID: {0,1043112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50A.tmp Handle ID: 4080 Operation ID: {0,1043109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab509.tmp Handle ID: 4080 Operation ID: {0,1043103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,1043068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,1043030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1042987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1042942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar508.tmp Handle ID: 4080 Operation ID: {0,1042912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab507.tmp Handle ID: 4080 Operation ID: {0,1042903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar508.tmp Handle ID: 4080 Operation ID: {0,1042898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar508.tmp Handle ID: 3780 Operation ID: {0,1042881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab507.tmp Handle ID: 4080 Operation ID: {0,1042876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab507.tmp Handle ID: 3892 Operation ID: {0,1042875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab507.tmp Handle ID: 3892 Operation ID: {0,1042864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar508.tmp Handle ID: 3892 Operation ID: {0,1042861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab507.tmp Handle ID: 3892 Operation ID: {0,1042855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1042802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1042741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar506.tmp Handle ID: 3892 Operation ID: {0,1042707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab505.tmp Handle ID: 3892 Operation ID: {0,1042700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar506.tmp Handle ID: 3892 Operation ID: {0,1042691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar506.tmp Handle ID: 4080 Operation ID: {0,1042646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab505.tmp Handle ID: 3892 Operation ID: {0,1042643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab505.tmp Handle ID: 3800 Operation ID: {0,1042639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab505.tmp Handle ID: 3800 Operation ID: {0,1042613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar506.tmp Handle ID: 3800 Operation ID: {0,1042601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab505.tmp Handle ID: 3800 Operation ID: {0,1042570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1042502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4080 Operation ID: {0,1042462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1042419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar504.tmp Handle ID: 3800 Operation ID: {0,1042385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab503.tmp Handle ID: 3800 Operation ID: {0,1042380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar504.tmp Handle ID: 3800 Operation ID: {0,1042373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar504.tmp Handle ID: 3744 Operation ID: {0,1042360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab503.tmp Handle ID: 3800 Operation ID: {0,1042357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab503.tmp Handle ID: 3836 Operation ID: {0,1042356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab503.tmp Handle ID: 3836 Operation ID: {0,1042347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar504.tmp Handle ID: 3836 Operation ID: {0,1042346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab503.tmp Handle ID: 3836 Operation ID: {0,1042342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1042289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,1042226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar502.tmp Handle ID: 3892 Operation ID: {0,1042185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab501.tmp Handle ID: 3892 Operation ID: {0,1042178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar502.tmp Handle ID: 3892 Operation ID: {0,1042171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar502.tmp Handle ID: 3800 Operation ID: {0,1042154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab501.tmp Handle ID: 3892 Operation ID: {0,1042149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab501.tmp Handle ID: 4008 Operation ID: {0,1042148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab501.tmp Handle ID: 4008 Operation ID: {0,1042137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar502.tmp Handle ID: 4008 Operation ID: {0,1042134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab501.tmp Handle ID: 4008 Operation ID: {0,1042128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1042093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1042057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1042022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar500.tmp Handle ID: 3840 Operation ID: {0,1041232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FF.tmp Handle ID: 3840 Operation ID: {0,1041225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar500.tmp Handle ID: 3840 Operation ID: {0,1041218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar500.tmp Handle ID: 3744 Operation ID: {0,1041203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FF.tmp Handle ID: 3840 Operation ID: {0,1041196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FF.tmp Handle ID: 3556 Operation ID: {0,1041195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FF.tmp Handle ID: 3556 Operation ID: {0,1041186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar500.tmp Handle ID: 3556 Operation ID: {0,1041179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FF.tmp Handle ID: 3556 Operation ID: {0,1041175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1041122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1040245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FE.tmp Handle ID: 4056 Operation ID: {0,1039717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FD.tmp Handle ID: 4056 Operation ID: {0,1039708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FE.tmp Handle ID: 4056 Operation ID: {0,1039705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FE.tmp Handle ID: 3556 Operation ID: {0,1039688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FD.tmp Handle ID: 4056 Operation ID: {0,1039683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FD.tmp Handle ID: 3744 Operation ID: {0,1039682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FD.tmp Handle ID: 3744 Operation ID: {0,1039671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FE.tmp Handle ID: 3744 Operation ID: {0,1039668} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FD.tmp Handle ID: 3744 Operation ID: {0,1039285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1039250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1039211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1039173} Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1039156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1038833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FC.tmp Handle ID: 3556 Operation ID: {0,1038800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FB.tmp Handle ID: 3556 Operation ID: {0,1038789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FC.tmp Handle ID: 3556 Operation ID: {0,1038782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FC.tmp Handle ID: 3780 Operation ID: {0,1038767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FB.tmp Handle ID: 3556 Operation ID: {0,1038760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FB.tmp Handle ID: 3768 Operation ID: {0,1038759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FB.tmp Handle ID: 3768 Operation ID: {0,1038750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FC.tmp Handle ID: 3768 Operation ID: {0,1038745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4FB.tmp Handle ID: 3768 Operation ID: {0,1038739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1038656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1038603} Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1038542} Process ID: 228 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1038396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1148 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1148 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1148 Operation ID: {0,1038327} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FA.tmp Handle ID: 3768 Operation ID: {0,1038258} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F9.tmp Handle ID: 3768 Operation ID: {0,1038253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FA.tmp Handle ID: 3768 Operation ID: {0,1038246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FA.tmp Handle ID: 3836 Operation ID: {0,1038229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F9.tmp Handle ID: 3768 Operation ID: {0,1038224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F9.tmp Handle ID: 3800 Operation ID: {0,1038223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F9.tmp Handle ID: 3800 Operation ID: {0,1038212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4FA.tmp Handle ID: 3800 Operation ID: {0,1038209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F9.tmp Handle ID: 3800 Operation ID: {0,1038203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1038168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1038134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1038091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1038046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F8.tmp Handle ID: 3836 Operation ID: {0,1038019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F7.tmp Handle ID: 3836 Operation ID: {0,1038014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F8.tmp Handle ID: 3836 Operation ID: {0,1038007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F8.tmp Handle ID: 3780 Operation ID: {0,1037990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F7.tmp Handle ID: 3836 Operation ID: {0,1037985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F7.tmp Handle ID: 3840 Operation ID: {0,1037984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F7.tmp Handle ID: 3840 Operation ID: {0,1037973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F8.tmp Handle ID: 3840 Operation ID: {0,1037970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F7.tmp Handle ID: 3840 Operation ID: {0,1037964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1037910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1037841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F6.tmp Handle ID: 3800 Operation ID: {0,1037807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F5.tmp Handle ID: 3800 Operation ID: {0,1037802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F6.tmp Handle ID: 3800 Operation ID: {0,1037795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F6.tmp Handle ID: 3836 Operation ID: {0,1037778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F5.tmp Handle ID: 3800 Operation ID: {0,1037775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F5.tmp Handle ID: 4056 Operation ID: {0,1037774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F5.tmp Handle ID: 4056 Operation ID: {0,1037765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F6.tmp Handle ID: 4056 Operation ID: {0,1037760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F5.tmp Handle ID: 4056 Operation ID: {0,1037754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1037719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1037681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1037638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3840 Operation ID: {0,1037568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F4.tmp Handle ID: 4056 Operation ID: {0,1037272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F3.tmp Handle ID: 4056 Operation ID: {0,1037267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F4.tmp Handle ID: 4056 Operation ID: {0,1037260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F4.tmp Handle ID: 3840 Operation ID: {0,1037243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F3.tmp Handle ID: 4056 Operation ID: {0,1037238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F3.tmp Handle ID: 3996 Operation ID: {0,1037237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F3.tmp Handle ID: 3996 Operation ID: {0,1037226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F4.tmp Handle ID: 3996 Operation ID: {0,1037223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F3.tmp Handle ID: 3996 Operation ID: {0,1037217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1037164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1037099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F2.tmp Handle ID: 3840 Operation ID: {0,1037064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F1.tmp Handle ID: 3840 Operation ID: {0,1037057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F2.tmp Handle ID: 3840 Operation ID: {0,1037050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F2.tmp Handle ID: 3996 Operation ID: {0,1037035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F1.tmp Handle ID: 3840 Operation ID: {0,1037028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F1.tmp Handle ID: 3768 Operation ID: {0,1037027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F1.tmp Handle ID: 3768 Operation ID: {0,1037018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F2.tmp Handle ID: 3768 Operation ID: {0,1037013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F1.tmp Handle ID: 3768 Operation ID: {0,1037005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1036974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1036938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1036895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F0.tmp Handle ID: 3996 Operation ID: {0,1036843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EF.tmp Handle ID: 3996 Operation ID: {0,1036838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F0.tmp Handle ID: 3996 Operation ID: {0,1036831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F0.tmp Handle ID: 3744 Operation ID: {0,1036814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EF.tmp Handle ID: 3996 Operation ID: {0,1036809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EF.tmp Handle ID: 3780 Operation ID: {0,1036808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EF.tmp Handle ID: 3780 Operation ID: {0,1036797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4F0.tmp Handle ID: 3780 Operation ID: {0,1036794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EF.tmp Handle ID: 3780 Operation ID: {0,1036788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,1036727} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,1036664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EE.tmp Handle ID: 3836 Operation ID: {0,1036628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4ED.tmp Handle ID: 3836 Operation ID: {0,1036507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EE.tmp Handle ID: 3836 Operation ID: {0,1036502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EE.tmp Handle ID: 3996 Operation ID: {0,1036485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4ED.tmp Handle ID: 3836 Operation ID: {0,1036482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4ED.tmp Handle ID: 3768 Operation ID: {0,1036481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4ED.tmp Handle ID: 3768 Operation ID: {0,1036472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EE.tmp Handle ID: 3768 Operation ID: {0,1036467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4ED.tmp Handle ID: 3768 Operation ID: {0,1036461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1036426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1036388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:50 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:50 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1036347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EC.tmp Handle ID: 3632 Operation ID: {0,1036169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EB.tmp Handle ID: 3632 Operation ID: {0,1036162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EC.tmp Handle ID: 3632 Operation ID: {0,1036155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EC.tmp Handle ID: 3996 Operation ID: {0,1036140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EB.tmp Handle ID: 3632 Operation ID: {0,1036133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EB.tmp Handle ID: 3780 Operation ID: {0,1036132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EB.tmp Handle ID: 3780 Operation ID: {0,1036121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EC.tmp Handle ID: 3800 Operation ID: {0,1036115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4EB.tmp Handle ID: 3800 Operation ID: {0,1036111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1036058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EA.tmp Handle ID: 3632 Operation ID: {0,1035961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E9.tmp Handle ID: 3632 Operation ID: {0,1035952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EA.tmp Handle ID: 3632 Operation ID: {0,1035947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EA.tmp Handle ID: 3800 Operation ID: {0,1035934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E9.tmp Handle ID: 3632 Operation ID: {0,1035927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E9.tmp Handle ID: 3836 Operation ID: {0,1035926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E9.tmp Handle ID: 3836 Operation ID: {0,1035917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4EA.tmp Handle ID: 3836 Operation ID: {0,1035912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E9.tmp Handle ID: 3836 Operation ID: {0,1035906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1035875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1035843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1035749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E8.tmp Handle ID: 3800 Operation ID: {0,1035722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E7.tmp Handle ID: 3800 Operation ID: {0,1035717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E8.tmp Handle ID: 3800 Operation ID: {0,1035716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E8.tmp Handle ID: 3996 Operation ID: {0,1035699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E7.tmp Handle ID: 3800 Operation ID: {0,1035694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E7.tmp Handle ID: 4056 Operation ID: {0,1035693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E7.tmp Handle ID: 4056 Operation ID: {0,1035682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E8.tmp Handle ID: 4056 Operation ID: {0,1035679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E7.tmp Handle ID: 4056 Operation ID: {0,1035673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E6.tmp Handle ID: 3836 Operation ID: {0,1035525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E5.tmp Handle ID: 3836 Operation ID: {0,1035520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E6.tmp Handle ID: 3836 Operation ID: {0,1035513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E6.tmp Handle ID: 3780 Operation ID: {0,1035493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E5.tmp Handle ID: 3836 Operation ID: {0,1035488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E5.tmp Handle ID: 3800 Operation ID: {0,1035487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E5.tmp Handle ID: 3800 Operation ID: {0,1035476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E6.tmp Handle ID: 3800 Operation ID: {0,1035473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E5.tmp Handle ID: 3800 Operation ID: {0,1035467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1035432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3836 Operation ID: {0,1035394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1035308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E4.tmp Handle ID: 3800 Operation ID: {0,1035281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E3.tmp Handle ID: 3800 Operation ID: {0,1035274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E4.tmp Handle ID: 3800 Operation ID: {0,1035267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E4.tmp Handle ID: 4056 Operation ID: {0,1035252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E3.tmp Handle ID: 3800 Operation ID: {0,1035245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E3.tmp Handle ID: 3780 Operation ID: {0,1035244} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E3.tmp Handle ID: 3780 Operation ID: {0,1035235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E4.tmp Handle ID: 3780 Operation ID: {0,1035228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E3.tmp Handle ID: 3780 Operation ID: {0,1035224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1035108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E2.tmp Handle ID: 3556 Operation ID: {0,1035068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E1.tmp Handle ID: 3556 Operation ID: {0,1035063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E2.tmp Handle ID: 3556 Operation ID: {0,1035060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E2.tmp Handle ID: 3780 Operation ID: {0,1035047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E1.tmp Handle ID: 3556 Operation ID: {0,1035044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E1.tmp Handle ID: 3632 Operation ID: {0,1035043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E1.tmp Handle ID: 3632 Operation ID: {0,1035038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E2.tmp Handle ID: 3632 Operation ID: {0,1035033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4E1.tmp Handle ID: 3632 Operation ID: {0,1035023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1034992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1034960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1034917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1034871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E0.tmp Handle ID: 3780 Operation ID: {0,1034842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DF.tmp Handle ID: 3780 Operation ID: {0,1034835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E0.tmp Handle ID: 3780 Operation ID: {0,1034828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E0.tmp Handle ID: 4056 Operation ID: {0,1034815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DF.tmp Handle ID: 3780 Operation ID: {0,1034810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DF.tmp Handle ID: 3996 Operation ID: {0,1034809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DF.tmp Handle ID: 3996 Operation ID: {0,1034798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E0.tmp Handle ID: 3996 Operation ID: {0,1034795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DF.tmp Handle ID: 3996 Operation ID: {0,1034789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1034736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1034672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DE.tmp Handle ID: 3996 Operation ID: {0,1034638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DD.tmp Handle ID: 3996 Operation ID: {0,1034633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DE.tmp Handle ID: 3996 Operation ID: {0,1034626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DE.tmp Handle ID: 3780 Operation ID: {0,1034609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DD.tmp Handle ID: 3996 Operation ID: {0,1034604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DD.tmp Handle ID: 3836 Operation ID: {0,1034603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DD.tmp Handle ID: 3836 Operation ID: {0,1034592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DE.tmp Handle ID: 3836 Operation ID: {0,1034589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DD.tmp Handle ID: 3836 Operation ID: {0,1034583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1034548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1034510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1034469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DC.tmp Handle ID: 3836 Operation ID: {0,1034433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DB.tmp Handle ID: 3836 Operation ID: {0,1034428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DC.tmp Handle ID: 3836 Operation ID: {0,1034421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DC.tmp Handle ID: 4020 Operation ID: {0,1034404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DB.tmp Handle ID: 3836 Operation ID: {0,1034399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DB.tmp Handle ID: 3800 Operation ID: {0,1034398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DB.tmp Handle ID: 3800 Operation ID: {0,1034387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DC.tmp Handle ID: 3800 Operation ID: {0,1034384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4DB.tmp Handle ID: 3800 Operation ID: {0,1034378} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1034325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1034257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DA.tmp Handle ID: 4020 Operation ID: {0,1034222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D9.tmp Handle ID: 4020 Operation ID: {0,1034213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DA.tmp Handle ID: 4020 Operation ID: {0,1034210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DA.tmp Handle ID: 3800 Operation ID: {0,1034193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D9.tmp Handle ID: 4020 Operation ID: {0,1034188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D9.tmp Handle ID: 3556 Operation ID: {0,1034187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D9.tmp Handle ID: 3556 Operation ID: {0,1034176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4DA.tmp Handle ID: 3556 Operation ID: {0,1034173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D9.tmp Handle ID: 3556 Operation ID: {0,1034167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1034132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1034096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,1034061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D8.tmp Handle ID: 3660 Operation ID: {0,1030579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D7.tmp Handle ID: 3660 Operation ID: {0,1030578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D8.tmp Handle ID: 3660 Operation ID: {0,1030577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D8.tmp Handle ID: 4056 Operation ID: {0,1030576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D7.tmp Handle ID: 3660 Operation ID: {0,1030575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D7.tmp Handle ID: 3996 Operation ID: {0,1030574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D7.tmp Handle ID: 3996 Operation ID: {0,1030571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D8.tmp Handle ID: 3996 Operation ID: {0,1030568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D7.tmp Handle ID: 3996 Operation ID: {0,1030564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,1030511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,1030448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D6.tmp Handle ID: 4080 Operation ID: {0,1030407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D5.tmp Handle ID: 4080 Operation ID: {0,1030400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D6.tmp Handle ID: 4080 Operation ID: {0,1030391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D6.tmp Handle ID: 3996 Operation ID: {0,1030378} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D5.tmp Handle ID: 4080 Operation ID: {0,1030371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D5.tmp Handle ID: 3544 Operation ID: {0,1030370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D5.tmp Handle ID: 3544 Operation ID: {0,1030361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D6.tmp Handle ID: 3544 Operation ID: {0,1030354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D5.tmp Handle ID: 3544 Operation ID: {0,1030350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1030315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,1030277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,1030234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,1030189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D4.tmp Handle ID: 3544 Operation ID: {0,1030162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D3.tmp Handle ID: 3544 Operation ID: {0,1030157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D4.tmp Handle ID: 3544 Operation ID: {0,1030152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D4.tmp Handle ID: 4056 Operation ID: {0,1030139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D3.tmp Handle ID: 3544 Operation ID: {0,1030136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D3.tmp Handle ID: 4008 Operation ID: {0,1030135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D3.tmp Handle ID: 4008 Operation ID: {0,1030126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D4.tmp Handle ID: 4008 Operation ID: {0,1030121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D3.tmp Handle ID: 4008 Operation ID: {0,1030117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,1030064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,1029998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D2.tmp Handle ID: 4056 Operation ID: {0,1029957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D1.tmp Handle ID: 4056 Operation ID: {0,1029952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D2.tmp Handle ID: 4056 Operation ID: {0,1029945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:46 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D2.tmp Handle ID: 4008 Operation ID: {0,1029928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D1.tmp Handle ID: 4056 Operation ID: {0,1029923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D1.tmp Handle ID: 3976 Operation ID: {0,1029922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D1.tmp Handle ID: 3976 Operation ID: {0,1029909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D2.tmp Handle ID: 3976 Operation ID: {0,1029908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D1.tmp Handle ID: 3976 Operation ID: {0,1029902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,1029867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,1029829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,1029788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1029662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D0.tmp Handle ID: 3976 Operation ID: {0,1029635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CF.tmp Handle ID: 3976 Operation ID: {0,1029630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D0.tmp Handle ID: 3976 Operation ID: {0,1029623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D0.tmp Handle ID: 3892 Operation ID: {0,1029606} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CF.tmp Handle ID: 3976 Operation ID: {0,1029601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CF.tmp Handle ID: 3660 Operation ID: {0,1029600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CF.tmp Handle ID: 3660 Operation ID: {0,1029589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4D0.tmp Handle ID: 3660 Operation ID: {0,1029586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CF.tmp Handle ID: 3660 Operation ID: {0,1029580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1029527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1029466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CE.tmp Handle ID: 3892 Operation ID: {0,1029432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CD.tmp Handle ID: 3892 Operation ID: {0,1029423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CE.tmp Handle ID: 3892 Operation ID: {0,1029416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CE.tmp Handle ID: 3660 Operation ID: {0,1029403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CD.tmp Handle ID: 3892 Operation ID: {0,1029396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CD.tmp Handle ID: 3996 Operation ID: {0,1029395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CD.tmp Handle ID: 3996 Operation ID: {0,1029386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CE.tmp Handle ID: 3996 Operation ID: {0,1029381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CD.tmp Handle ID: 3996 Operation ID: {0,1029375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,1029344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,1029310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1029267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1029216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CC.tmp Handle ID: 3660 Operation ID: {0,1028997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CB.tmp Handle ID: 3660 Operation ID: {0,1028996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CC.tmp Handle ID: 3660 Operation ID: {0,1028995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CC.tmp Handle ID: 3780 Operation ID: {0,1028994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CB.tmp Handle ID: 3660 Operation ID: {0,1028993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CB.tmp Handle ID: 3544 Operation ID: {0,1028992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CB.tmp Handle ID: 3544 Operation ID: {0,1028989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CC.tmp Handle ID: 3544 Operation ID: {0,1028986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4CB.tmp Handle ID: 3544 Operation ID: {0,1028982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1028900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1028633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CA.tmp Handle ID: 4008 Operation ID: {0,1028492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C9.tmp Handle ID: 4008 Operation ID: {0,1028487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CA.tmp Handle ID: 4008 Operation ID: {0,1028482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CA.tmp Handle ID: 3544 Operation ID: {0,1028467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C9.tmp Handle ID: 4008 Operation ID: {0,1028464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C9.tmp Handle ID: 3996 Operation ID: {0,1028463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C9.tmp Handle ID: 3996 Operation ID: {0,1028452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4CA.tmp Handle ID: 3996 Operation ID: {0,1028449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C9.tmp Handle ID: 3996 Operation ID: {0,1028323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1028148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,1028110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1027987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C8.tmp Handle ID: 3996 Operation ID: {0,1027953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C7.tmp Handle ID: 3996 Operation ID: {0,1027948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C8.tmp Handle ID: 3996 Operation ID: {0,1027941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C8.tmp Handle ID: 3780 Operation ID: {0,1027924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C7.tmp Handle ID: 3996 Operation ID: {0,1027919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C7.tmp Handle ID: 3976 Operation ID: {0,1027918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C7.tmp Handle ID: 3976 Operation ID: {0,1027902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C8.tmp Handle ID: 3976 Operation ID: {0,1027890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C7.tmp Handle ID: 3976 Operation ID: {0,1027872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1027816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3868 Operation ID: {0,1027444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C6.tmp Handle ID: 3780 Operation ID: {0,1026922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C5.tmp Handle ID: 3780 Operation ID: {0,1026921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C6.tmp Handle ID: 3780 Operation ID: {0,1026920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C6.tmp Handle ID: 3976 Operation ID: {0,1026712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C5.tmp Handle ID: 3780 Operation ID: {0,1026709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C5.tmp Handle ID: 3892 Operation ID: {0,1026708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C5.tmp Handle ID: 3892 Operation ID: {0,1026655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C6.tmp Handle ID: 3892 Operation ID: {0,1026627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C5.tmp Handle ID: 3892 Operation ID: {0,1026598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1026467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1026347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1026236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1025455} Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1025080} Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1025019} Process ID: 3732 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1148 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1148 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1148 Operation ID: {0,1024865} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C4.tmp Handle ID: 3632 Operation ID: {0,1024772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C3.tmp Handle ID: 3632 Operation ID: {0,1024767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C4.tmp Handle ID: 3632 Operation ID: {0,1024762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C4.tmp Handle ID: 4020 Operation ID: {0,1024749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C3.tmp Handle ID: 3632 Operation ID: {0,1024746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C3.tmp Handle ID: 3556 Operation ID: {0,1024745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C3.tmp Handle ID: 3556 Operation ID: {0,1024734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C4.tmp Handle ID: 3556 Operation ID: {0,1024733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C3.tmp Handle ID: 3556 Operation ID: {0,1024729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4016 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4016 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4016 Operation ID: {0,1024676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1024533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C2.tmp Handle ID: 4024 Operation ID: {0,1024497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C1.tmp Handle ID: 4024 Operation ID: {0,1024492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C2.tmp Handle ID: 4024 Operation ID: {0,1024485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C2.tmp Handle ID: 3632 Operation ID: {0,1024468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C1.tmp Handle ID: 4024 Operation ID: {0,1024465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C1.tmp Handle ID: 3780 Operation ID: {0,1024464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C1.tmp Handle ID: 3780 Operation ID: {0,1024455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C2.tmp Handle ID: 3780 Operation ID: {0,1024450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4C1.tmp Handle ID: 3780 Operation ID: {0,1024444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1024409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,1024371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1024328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1024279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C0.tmp Handle ID: 3780 Operation ID: {0,1024252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BF.tmp Handle ID: 3780 Operation ID: {0,1024243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C0.tmp Handle ID: 3780 Operation ID: {0,1024238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C0.tmp Handle ID: 3556 Operation ID: {0,1024223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BF.tmp Handle ID: 3780 Operation ID: {0,1024216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BF.tmp Handle ID: 3892 Operation ID: {0,1024215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BF.tmp Handle ID: 3892 Operation ID: {0,1024206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C0.tmp Handle ID: 3892 Operation ID: {0,1024201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BF.tmp Handle ID: 3892 Operation ID: {0,1024195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1024144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1024081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BE.tmp Handle ID: 3556 Operation ID: {0,1024047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BD.tmp Handle ID: 3556 Operation ID: {0,1024038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BE.tmp Handle ID: 3556 Operation ID: {0,1024033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BE.tmp Handle ID: 3892 Operation ID: {0,1024018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BD.tmp Handle ID: 3556 Operation ID: {0,1024011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BD.tmp Handle ID: 4040 Operation ID: {0,1024010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BD.tmp Handle ID: 4040 Operation ID: {0,1024001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BE.tmp Handle ID: 4040 Operation ID: {0,1023996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BD.tmp Handle ID: 4040 Operation ID: {0,1023990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1023957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1023919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1023878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1023833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BC.tmp Handle ID: 3892 Operation ID: {0,1023806} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BB.tmp Handle ID: 3892 Operation ID: {0,1023801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BC.tmp Handle ID: 3892 Operation ID: {0,1023794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BC.tmp Handle ID: 3976 Operation ID: {0,1023777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BB.tmp Handle ID: 3892 Operation ID: {0,1023774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BB.tmp Handle ID: 4020 Operation ID: {0,1023771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BB.tmp Handle ID: 4020 Operation ID: {0,1023760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BC.tmp Handle ID: 4020 Operation ID: {0,1023757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4BB.tmp Handle ID: 4020 Operation ID: {0,1023751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1023700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1023634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BA.tmp Handle ID: 4040 Operation ID: {0,1023597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B9.tmp Handle ID: 4040 Operation ID: {0,1023588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BA.tmp Handle ID: 4040 Operation ID: {0,1023581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BA.tmp Handle ID: 3892 Operation ID: {0,1023568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B9.tmp Handle ID: 4040 Operation ID: {0,1023561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B9.tmp Handle ID: 3632 Operation ID: {0,1023560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B9.tmp Handle ID: 3632 Operation ID: {0,1023551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4BA.tmp Handle ID: 3632 Operation ID: {0,1023546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B9.tmp Handle ID: 3632 Operation ID: {0,1023539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1023509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1023475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1023434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1023389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B8.tmp Handle ID: 3892 Operation ID: {0,1023362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B7.tmp Handle ID: 3892 Operation ID: {0,1023355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B8.tmp Handle ID: 3892 Operation ID: {0,1023350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B8.tmp Handle ID: 4020 Operation ID: {0,1023333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B7.tmp Handle ID: 3892 Operation ID: {0,1023328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B7.tmp Handle ID: 3780 Operation ID: {0,1023327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B7.tmp Handle ID: 3780 Operation ID: {0,1023316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B8.tmp Handle ID: 3780 Operation ID: {0,1023313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B7.tmp Handle ID: 3780 Operation ID: {0,1023307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1023254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1023193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B6.tmp Handle ID: 3780 Operation ID: {0,1023159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B5.tmp Handle ID: 3780 Operation ID: {0,1023154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B6.tmp Handle ID: 3780 Operation ID: {0,1023147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B6.tmp Handle ID: 3892 Operation ID: {0,1023130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B5.tmp Handle ID: 3780 Operation ID: {0,1023127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B5.tmp Handle ID: 3556 Operation ID: {0,1023126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B5.tmp Handle ID: 3556 Operation ID: {0,1023117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B6.tmp Handle ID: 3556 Operation ID: {0,1023112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B5.tmp Handle ID: 3556 Operation ID: {0,1023106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1023071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,1023033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1022990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B4.tmp Handle ID: 3556 Operation ID: {0,1022953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B3.tmp Handle ID: 3556 Operation ID: {0,1022944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B4.tmp Handle ID: 3556 Operation ID: {0,1022939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B4.tmp Handle ID: 3936 Operation ID: {0,1022924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B3.tmp Handle ID: 3556 Operation ID: {0,1022917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B3.tmp Handle ID: 4024 Operation ID: {0,1022916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B3.tmp Handle ID: 4024 Operation ID: {0,1022907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B4.tmp Handle ID: 4024 Operation ID: {0,1022900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B3.tmp Handle ID: 4024 Operation ID: {0,1022896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1022845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1022782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B2.tmp Handle ID: 3936 Operation ID: {0,1022748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B1.tmp Handle ID: 3936 Operation ID: {0,1022739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B2.tmp Handle ID: 3936 Operation ID: {0,1022736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B2.tmp Handle ID: 4024 Operation ID: {0,1022719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B1.tmp Handle ID: 3936 Operation ID: {0,1022714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B1.tmp Handle ID: 4020 Operation ID: {0,1022713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B1.tmp Handle ID: 4020 Operation ID: {0,1022702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B2.tmp Handle ID: 4020 Operation ID: {0,1022699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B1.tmp Handle ID: 4020 Operation ID: {0,1022693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1022658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1022622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1022587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B0.tmp Handle ID: 3936 Operation ID: {0,1022421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AF.tmp Handle ID: 3936 Operation ID: {0,1022416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B0.tmp Handle ID: 3936 Operation ID: {0,1022409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B0.tmp Handle ID: 4024 Operation ID: {0,1022394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AF.tmp Handle ID: 3936 Operation ID: {0,1022389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AF.tmp Handle ID: 4020 Operation ID: {0,1022388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AF.tmp Handle ID: 4020 Operation ID: {0,1022379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4B0.tmp Handle ID: 4020 Operation ID: {0,1022374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AF.tmp Handle ID: 4020 Operation ID: {0,1022368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1022315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1022246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AE.tmp Handle ID: 3892 Operation ID: {0,1022208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AD.tmp Handle ID: 3892 Operation ID: {0,1022199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AE.tmp Handle ID: 3892 Operation ID: {0,1022194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AE.tmp Handle ID: 3976 Operation ID: {0,1022179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AD.tmp Handle ID: 3892 Operation ID: {0,1022176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AD.tmp Handle ID: 4020 Operation ID: {0,1022175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AD.tmp Handle ID: 4020 Operation ID: {0,1022164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AE.tmp Handle ID: 4020 Operation ID: {0,1022161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AD.tmp Handle ID: 4020 Operation ID: {0,1022155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1022120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1022082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1022041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1021996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AC.tmp Handle ID: 4020 Operation ID: {0,1021969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AB.tmp Handle ID: 4020 Operation ID: {0,1021962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AC.tmp Handle ID: 4020 Operation ID: {0,1021957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AC.tmp Handle ID: 4024 Operation ID: {0,1021938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AB.tmp Handle ID: 4020 Operation ID: {0,1021937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AB.tmp Handle ID: 3556 Operation ID: {0,1021936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AB.tmp Handle ID: 3556 Operation ID: {0,1021927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AC.tmp Handle ID: 3556 Operation ID: {0,1021922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4AB.tmp Handle ID: 3556 Operation ID: {0,1021916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1021863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1021799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AA.tmp Handle ID: 3892 Operation ID: {0,1021761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A9.tmp Handle ID: 3892 Operation ID: {0,1021754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AA.tmp Handle ID: 3892 Operation ID: {0,1021747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AA.tmp Handle ID: 3556 Operation ID: {0,1021732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A9.tmp Handle ID: 3892 Operation ID: {0,1021725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A9.tmp Handle ID: 3936 Operation ID: {0,1021724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A9.tmp Handle ID: 3936 Operation ID: {0,1021717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4AA.tmp Handle ID: 3936 Operation ID: {0,1021712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A9.tmp Handle ID: 3936 Operation ID: {0,1021704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1021671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,1021633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1021590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,1021545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A8.tmp Handle ID: 3556 Operation ID: {0,1021520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A7.tmp Handle ID: 3556 Operation ID: {0,1021519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A8.tmp Handle ID: 3556 Operation ID: {0,1021518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A8.tmp Handle ID: 4024 Operation ID: {0,1021517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A7.tmp Handle ID: 3556 Operation ID: {0,1021516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A7.tmp Handle ID: 3632 Operation ID: {0,1021515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A7.tmp Handle ID: 3632 Operation ID: {0,1021512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A8.tmp Handle ID: 3632 Operation ID: {0,1021511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A7.tmp Handle ID: 3632 Operation ID: {0,1021507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1021454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:44 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:44 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,1021390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A6.tmp Handle ID: 3936 Operation ID: {0,1021355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A5.tmp Handle ID: 3936 Operation ID: {0,1021350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A6.tmp Handle ID: 3936 Operation ID: {0,1021345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3964 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3964 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3964 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A6.tmp Handle ID: 3964 Operation ID: {0,1021255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A5.tmp Handle ID: 3936 Operation ID: {0,1021250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A5.tmp Handle ID: 3544 Operation ID: {0,1021249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A5.tmp Handle ID: 3544 Operation ID: {0,1021238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A6.tmp Handle ID: 3544 Operation ID: {0,1021235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A5.tmp Handle ID: 3544 Operation ID: {0,1021229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3964 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3964 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3964 Operation ID: {0,1021194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3964 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3964 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3964 Operation ID: {0,1021156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1021115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,1021070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A4.tmp Handle ID: 3544 Operation ID: {0,1021043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A3.tmp Handle ID: 3544 Operation ID: {0,1021038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A4.tmp Handle ID: 3544 Operation ID: {0,1021031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A4.tmp Handle ID: 3780 Operation ID: {0,1021014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A3.tmp Handle ID: 3544 Operation ID: {0,1021009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A3.tmp Handle ID: 2524 Operation ID: {0,1021008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A3.tmp Handle ID: 2524 Operation ID: {0,1020997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A4.tmp Handle ID: 2524 Operation ID: {0,1020994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A3.tmp Handle ID: 2524 Operation ID: {0,1020988} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1020935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1020833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A2.tmp Handle ID: 3780 Operation ID: {0,1020382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A1.tmp Handle ID: 3780 Operation ID: {0,1020375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A2.tmp Handle ID: 3780 Operation ID: {0,1020368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A2.tmp Handle ID: 2524 Operation ID: {0,1020353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A1.tmp Handle ID: 3780 Operation ID: {0,1020346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A1.tmp Handle ID: 4024 Operation ID: {0,1020345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A1.tmp Handle ID: 4024 Operation ID: {0,1020336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A2.tmp Handle ID: 4024 Operation ID: {0,1020333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4A1.tmp Handle ID: 4024 Operation ID: {0,1020326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1020291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,1020253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1020173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A0.tmp Handle ID: 4024 Operation ID: {0,1019933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49F.tmp Handle ID: 4024 Operation ID: {0,1019932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A0.tmp Handle ID: 4024 Operation ID: {0,1019931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3868 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3868 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A0.tmp Handle ID: 3868 Operation ID: {0,1019930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49F.tmp Handle ID: 4024 Operation ID: {0,1019929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49F.tmp Handle ID: 3892 Operation ID: {0,1019928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49F.tmp Handle ID: 3892 Operation ID: {0,1019925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A0.tmp Handle ID: 3892 Operation ID: {0,1019924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49F.tmp Handle ID: 3892 Operation ID: {0,1019920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4020 Operation ID: {0,1019867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,1019805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49E.tmp Handle ID: 3676 Operation ID: {0,1019755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49D.tmp Handle ID: 3676 Operation ID: {0,1019748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49E.tmp Handle ID: 3676 Operation ID: {0,1019743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49E.tmp Handle ID: 3796 Operation ID: {0,1019726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49D.tmp Handle ID: 3676 Operation ID: {0,1019721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49D.tmp Handle ID: 3788 Operation ID: {0,1019720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49D.tmp Handle ID: 3788 Operation ID: {0,1019709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49E.tmp Handle ID: 3788 Operation ID: {0,1019706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49D.tmp Handle ID: 3788 Operation ID: {0,1019700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,1019665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,1019629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,1019594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:41 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 280 Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:49:41 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 280 Object Type: Key Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:41 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 280 Operation ID: {0,1011253} Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:41 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:49:41 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:41 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,1010546} Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:41 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe " 4/17/2020 11:49:41 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:41 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,1010469} Process ID: 5220 Image File Name: C:\WINDOWS\system32\mmc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,1007706} Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,1007345} Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,1007284} Process ID: 5100 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1104 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1104 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1104 Operation ID: {0,1007130} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,1005057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,982116} Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,981357} Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,981164} Process ID: 3152 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1144 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1144 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1144 Operation ID: {0,980970} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,958235} Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,957875} Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,957814} Process ID: 4956 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1104 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1104 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1104 Operation ID: {0,957660} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:23 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 492 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:49:23 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 492 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:23 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 492 Operation ID: {0,956385} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:23 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 492 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:49:23 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 492 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:23 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 492 Operation ID: {0,956382} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,953603} Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,953236} Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,953175} Process ID: 788 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1148 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1148 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1148 Operation ID: {0,953016} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49C.tmp Handle ID: 3732 Operation ID: {0,949671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49B.tmp Handle ID: 3732 Operation ID: {0,949666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49C.tmp Handle ID: 3732 Operation ID: {0,949659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49C.tmp Handle ID: 3760 Operation ID: {0,949642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49B.tmp Handle ID: 3732 Operation ID: {0,949637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49B.tmp Handle ID: 3920 Operation ID: {0,949636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49B.tmp Handle ID: 3920 Operation ID: {0,949625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49C.tmp Handle ID: 3920 Operation ID: {0,949622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49B.tmp Handle ID: 3920 Operation ID: {0,949616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,949563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,949488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49A.tmp Handle ID: 3760 Operation ID: {0,949449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab499.tmp Handle ID: 3760 Operation ID: {0,949442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49A.tmp Handle ID: 3760 Operation ID: {0,949433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49A.tmp Handle ID: 3920 Operation ID: {0,949420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab499.tmp Handle ID: 3760 Operation ID: {0,949413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab499.tmp Handle ID: 3988 Operation ID: {0,949412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab499.tmp Handle ID: 3988 Operation ID: {0,949403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar49A.tmp Handle ID: 3988 Operation ID: {0,949396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab499.tmp Handle ID: 3988 Operation ID: {0,949392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,949357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,949319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,949276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,949140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar498.tmp Handle ID: 3988 Operation ID: {0,949003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab497.tmp Handle ID: 3988 Operation ID: {0,948998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar498.tmp Handle ID: 3988 Operation ID: {0,948991} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar498.tmp Handle ID: 4072 Operation ID: {0,948972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab497.tmp Handle ID: 3988 Operation ID: {0,948969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab497.tmp Handle ID: 4052 Operation ID: {0,948968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab497.tmp Handle ID: 4052 Operation ID: {0,948957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar498.tmp Handle ID: 4052 Operation ID: {0,948954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab497.tmp Handle ID: 4052 Operation ID: {0,948947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,948894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,948827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar496.tmp Handle ID: 3824 Operation ID: {0,948793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab495.tmp Handle ID: 3824 Operation ID: {0,948786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar496.tmp Handle ID: 3824 Operation ID: {0,948781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar496.tmp Handle ID: 3988 Operation ID: {0,948763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab495.tmp Handle ID: 3824 Operation ID: {0,948758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab495.tmp Handle ID: 3732 Operation ID: {0,948757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab495.tmp Handle ID: 3732 Operation ID: {0,948745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar496.tmp Handle ID: 3824 Operation ID: {0,948742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab495.tmp Handle ID: 3824 Operation ID: {0,948735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3988 Operation ID: {0,948699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3972 Operation ID: {0,948662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,948619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,948564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar494.tmp Handle ID: 3972 Operation ID: {0,948537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab493.tmp Handle ID: 3972 Operation ID: {0,948530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar494.tmp Handle ID: 3972 Operation ID: {0,948525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar494.tmp Handle ID: 4052 Operation ID: {0,948508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab493.tmp Handle ID: 3972 Operation ID: {0,948505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab493.tmp Handle ID: 3988 Operation ID: {0,948504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab493.tmp Handle ID: 3988 Operation ID: {0,948495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar494.tmp Handle ID: 3988 Operation ID: {0,948490} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab493.tmp Handle ID: 3988 Operation ID: {0,948484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,948431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,948366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar492.tmp Handle ID: 3824 Operation ID: {0,948328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab491.tmp Handle ID: 3824 Operation ID: {0,948321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar492.tmp Handle ID: 3824 Operation ID: {0,948316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar492.tmp Handle ID: 3972 Operation ID: {0,948299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab491.tmp Handle ID: 3824 Operation ID: {0,948296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab491.tmp Handle ID: 3416 Operation ID: {0,948295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab491.tmp Handle ID: 3416 Operation ID: {0,948284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar492.tmp Handle ID: 3416 Operation ID: {0,948277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab491.tmp Handle ID: 3824 Operation ID: {0,948270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3972 Operation ID: {0,948235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3972 Operation ID: {0,948196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,948155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3988 Operation ID: {0,948106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar490.tmp Handle ID: 3416 Operation ID: {0,948079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48F.tmp Handle ID: 3416 Operation ID: {0,948070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar490.tmp Handle ID: 3416 Operation ID: {0,948067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar490.tmp Handle ID: 3988 Operation ID: {0,948050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48F.tmp Handle ID: 3416 Operation ID: {0,948045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48F.tmp Handle ID: 4072 Operation ID: {0,948044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48F.tmp Handle ID: 4072 Operation ID: {0,948033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar490.tmp Handle ID: 4072 Operation ID: {0,948030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48F.tmp Handle ID: 4072 Operation ID: {0,948024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,947970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,947900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48E.tmp Handle ID: 3824 Operation ID: {0,947866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48D.tmp Handle ID: 3824 Operation ID: {0,947865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48E.tmp Handle ID: 3824 Operation ID: {0,947864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48E.tmp Handle ID: 3416 Operation ID: {0,947853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48D.tmp Handle ID: 3824 Operation ID: {0,947850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48D.tmp Handle ID: 3732 Operation ID: {0,947849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48D.tmp Handle ID: 3732 Operation ID: {0,947840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48E.tmp Handle ID: 3732 Operation ID: {0,947835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48D.tmp Handle ID: 3732 Operation ID: {0,947829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,947794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,947756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,947713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48C.tmp Handle ID: 3732 Operation ID: {0,947676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48B.tmp Handle ID: 3732 Operation ID: {0,947667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48C.tmp Handle ID: 3732 Operation ID: {0,947664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48C.tmp Handle ID: 4072 Operation ID: {0,947647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48B.tmp Handle ID: 3732 Operation ID: {0,947642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48B.tmp Handle ID: 4052 Operation ID: {0,947641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48B.tmp Handle ID: 4052 Operation ID: {0,947630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48C.tmp Handle ID: 4052 Operation ID: {0,947627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab48B.tmp Handle ID: 4052 Operation ID: {0,947621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,947568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,947497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48A.tmp Handle ID: 4072 Operation ID: {0,947336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab489.tmp Handle ID: 4072 Operation ID: {0,947296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48A.tmp Handle ID: 4072 Operation ID: {0,947279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48A.tmp Handle ID: 4052 Operation ID: {0,947246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab489.tmp Handle ID: 4072 Operation ID: {0,947239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab489.tmp Handle ID: 3972 Operation ID: {0,947238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab489.tmp Handle ID: 3972 Operation ID: {0,947229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48A.tmp Handle ID: 3972 Operation ID: {0,947220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab489.tmp Handle ID: 3972 Operation ID: {0,947216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,947181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,947143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,947102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar488.tmp Handle ID: 3824 Operation ID: {0,946981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab487.tmp Handle ID: 3824 Operation ID: {0,946976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar488.tmp Handle ID: 3824 Operation ID: {0,946973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar488.tmp Handle ID: 3580 Operation ID: {0,946958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab487.tmp Handle ID: 3824 Operation ID: {0,946955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab487.tmp Handle ID: 3684 Operation ID: {0,946954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab487.tmp Handle ID: 3684 Operation ID: {0,946943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar488.tmp Handle ID: 3684 Operation ID: {0,946938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab487.tmp Handle ID: 3684 Operation ID: {0,946934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,946881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,946813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar486.tmp Handle ID: 4028 Operation ID: {0,946772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab485.tmp Handle ID: 4028 Operation ID: {0,946767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar486.tmp Handle ID: 4028 Operation ID: {0,946762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar486.tmp Handle ID: 3824 Operation ID: {0,946749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab485.tmp Handle ID: 4028 Operation ID: {0,946746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab485.tmp Handle ID: 3672 Operation ID: {0,946745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab485.tmp Handle ID: 3672 Operation ID: {0,946732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar486.tmp Handle ID: 3672 Operation ID: {0,946729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab485.tmp Handle ID: 3672 Operation ID: {0,946725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3824 Operation ID: {0,946690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3824 Operation ID: {0,946652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,946609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar484.tmp Handle ID: 3580 Operation ID: {0,946451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,946441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab483.tmp Handle ID: 3672 Operation ID: {0,946432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar484.tmp Handle ID: 3672 Operation ID: {0,946416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar482.tmp Handle ID: 3580 Operation ID: {0,946408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab481.tmp Handle ID: 3580 Operation ID: {0,946405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar482.tmp Handle ID: 3580 Operation ID: {0,946400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar484.tmp Handle ID: 3684 Operation ID: {0,946389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab483.tmp Handle ID: 3672 Operation ID: {0,946382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab483.tmp Handle ID: 3860 Operation ID: {0,946381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab483.tmp Handle ID: 3860 Operation ID: {0,946372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar484.tmp Handle ID: 3860 Operation ID: {0,946365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar482.tmp Handle ID: 3824 Operation ID: {0,946353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab483.tmp Handle ID: 3824 Operation ID: {0,946348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab481.tmp Handle ID: 3580 Operation ID: {0,946350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab481.tmp Handle ID: 3968 Operation ID: {0,946349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab481.tmp Handle ID: 3968 Operation ID: {0,946327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar482.tmp Handle ID: 3968 Operation ID: {0,946324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab481.tmp Handle ID: 3968 Operation ID: {0,946319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,946241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,946180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,946092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,946019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar480.tmp Handle ID: 3860 Operation ID: {0,945970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47F.tmp Handle ID: 3860 Operation ID: {0,945965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar480.tmp Handle ID: 3860 Operation ID: {0,945960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar480.tmp Handle ID: 3580 Operation ID: {0,945945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47F.tmp Handle ID: 3860 Operation ID: {0,945942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47F.tmp Handle ID: 2540 Operation ID: {0,945941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47F.tmp Handle ID: 2540 Operation ID: {0,945932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar480.tmp Handle ID: 2540 Operation ID: {0,945927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47F.tmp Handle ID: 2540 Operation ID: {0,945923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,945888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,945850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47E.tmp Handle ID: 3968 Operation ID: {0,945637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47D.tmp Handle ID: 3968 Operation ID: {0,945632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47E.tmp Handle ID: 3968 Operation ID: {0,945625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47E.tmp Handle ID: 3580 Operation ID: {0,945608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47D.tmp Handle ID: 3968 Operation ID: {0,945603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47D.tmp Handle ID: 3860 Operation ID: {0,945602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47D.tmp Handle ID: 3860 Operation ID: {0,945591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47E.tmp Handle ID: 3860 Operation ID: {0,945588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47D.tmp Handle ID: 3860 Operation ID: {0,945582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,945547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,945509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3628 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3628 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3628 Operation ID: {0,945421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4044 Operation ID: {0,945344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,944589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47C.tmp Handle ID: 2540 Operation ID: {0,944564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47B.tmp Handle ID: 2540 Operation ID: {0,944559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47C.tmp Handle ID: 2540 Operation ID: {0,944556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47C.tmp Handle ID: 3692 Operation ID: {0,944519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47B.tmp Handle ID: 2540 Operation ID: {0,944513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47B.tmp Handle ID: 3832 Operation ID: {0,944511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47B.tmp Handle ID: 2540 Operation ID: {0,944497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47C.tmp Handle ID: 2540 Operation ID: {0,944494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47B.tmp Handle ID: 2540 Operation ID: {0,944467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,944458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47A.tmp Handle ID: 3860 Operation ID: {0,944330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab479.tmp Handle ID: 3860 Operation ID: {0,944323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47A.tmp Handle ID: 3860 Operation ID: {0,944316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3908 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47A.tmp Handle ID: 3684 Operation ID: {0,944301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3908 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab479.tmp Handle ID: 3860 Operation ID: {0,944294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab479.tmp Handle ID: 3908 Operation ID: {0,944293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3908 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3908 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab479.tmp Handle ID: 3908 Operation ID: {0,944284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3908 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar47A.tmp Handle ID: 3908 Operation ID: {0,944276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3908 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab479.tmp Handle ID: 3908 Operation ID: {0,944260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,944133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3812 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3812 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3812 Operation ID: {0,944083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,943348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3812 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3812 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3812 Operation ID: {0,942740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar478.tmp Handle ID: 3952 Operation ID: {0,942220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab475.tmp Handle ID: 3952 Operation ID: {0,942211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar478.tmp Handle ID: 3952 Operation ID: {0,942208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar478.tmp Handle ID: 3580 Operation ID: {0,942191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab475.tmp Handle ID: 3952 Operation ID: {0,942188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab475.tmp Handle ID: 3600 Operation ID: {0,942187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab475.tmp Handle ID: 3600 Operation ID: {0,942178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar478.tmp Handle ID: 3600 Operation ID: {0,942173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab475.tmp Handle ID: 3600 Operation ID: {0,942003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar477.tmp Handle ID: 3460 Operation ID: {0,942129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab476.tmp Handle ID: 3460 Operation ID: {0,942124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar477.tmp Handle ID: 3460 Operation ID: {0,942119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar477.tmp Handle ID: 3952 Operation ID: {0,942106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab476.tmp Handle ID: 3460 Operation ID: {0,942103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab476.tmp Handle ID: 3600 Operation ID: {0,942102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab476.tmp Handle ID: 3600 Operation ID: {0,942089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar477.tmp Handle ID: 3600 Operation ID: {0,942088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab476.tmp Handle ID: 3600 Operation ID: {0,942076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,942039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,941999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,941808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,941623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,941483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3792 Operation ID: {0,941383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,941360} Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3908 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3908 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3908 Operation ID: {0,941215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar474.tmp Handle ID: 3460 Operation ID: {0,941107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab473.tmp Handle ID: 3460 Operation ID: {0,941091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar474.tmp Handle ID: 3460 Operation ID: {0,941085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3908 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3908 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3908 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar474.tmp Handle ID: 3908 Operation ID: {0,941032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab473.tmp Handle ID: 3460 Operation ID: {0,941027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab473.tmp Handle ID: 3968 Operation ID: {0,941026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,941017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab473.tmp Handle ID: 3460 Operation ID: {0,941008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar474.tmp Handle ID: 3460 Operation ID: {0,941000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab473.tmp Handle ID: 3952 Operation ID: {0,940990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar472.tmp Handle ID: 3952 Operation ID: {0,940964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab471.tmp Handle ID: 3952 Operation ID: {0,940959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar472.tmp Handle ID: 3952 Operation ID: {0,940954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar472.tmp Handle ID: 3460 Operation ID: {0,940925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab471.tmp Handle ID: 3952 Operation ID: {0,940924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab471.tmp Handle ID: 3824 Operation ID: {0,940923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab471.tmp Handle ID: 3460 Operation ID: {0,940913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar472.tmp Handle ID: 3460 Operation ID: {0,940912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab471.tmp Handle ID: 3460 Operation ID: {0,940907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4044 Operation ID: {0,940870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3792 Operation ID: {0,940745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,940684} Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,940622} Process ID: 5652 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,940461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3792 Operation ID: {0,940446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar470.tmp Handle ID: 3340 Operation ID: {0,940356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46F.tmp Handle ID: 3340 Operation ID: {0,940351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar470.tmp Handle ID: 3340 Operation ID: {0,940337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar470.tmp Handle ID: 3828 Operation ID: {0,940321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46F.tmp Handle ID: 3340 Operation ID: {0,940318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46F.tmp Handle ID: 4004 Operation ID: {0,940317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46F.tmp Handle ID: 4004 Operation ID: {0,940304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar470.tmp Handle ID: 4004 Operation ID: {0,940301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46F.tmp Handle ID: 4004 Operation ID: {0,940299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1144 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1144 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1144 Operation ID: {0,940261} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46E.tmp Handle ID: 3600 Operation ID: {0,940197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46D.tmp Handle ID: 3600 Operation ID: {0,940192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46E.tmp Handle ID: 3600 Operation ID: {0,940187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46E.tmp Handle ID: 3800 Operation ID: {0,940176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46D.tmp Handle ID: 3600 Operation ID: {0,940171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46D.tmp Handle ID: 4024 Operation ID: {0,940169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46D.tmp Handle ID: 3800 Operation ID: {0,940153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46E.tmp Handle ID: 3800 Operation ID: {0,940148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46D.tmp Handle ID: 3800 Operation ID: {0,940140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,940103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4004 Operation ID: {0,940077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,940022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,940004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,939961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,939921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,939876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46C.tmp Handle ID: 3580 Operation ID: {0,939846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46B.tmp Handle ID: 3580 Operation ID: {0,939845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46C.tmp Handle ID: 3580 Operation ID: {0,939844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46C.tmp Handle ID: 3952 Operation ID: {0,939819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46B.tmp Handle ID: 3580 Operation ID: {0,939818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46B.tmp Handle ID: 3860 Operation ID: {0,939817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46B.tmp Handle ID: 3860 Operation ID: {0,939814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46C.tmp Handle ID: 3860 Operation ID: {0,939813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46A.tmp Handle ID: 3860 Operation ID: {0,939805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab469.tmp Handle ID: 3860 Operation ID: {0,939804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46A.tmp Handle ID: 3860 Operation ID: {0,939801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab46B.tmp Handle ID: 3828 Operation ID: {0,939796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46A.tmp Handle ID: 3952 Operation ID: {0,939750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab469.tmp Handle ID: 3860 Operation ID: {0,939747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab469.tmp Handle ID: 3580 Operation ID: {0,939745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,939738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab469.tmp Handle ID: 3860 Operation ID: {0,939735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46A.tmp Handle ID: 3580 Operation ID: {0,939734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab469.tmp Handle ID: 3580 Operation ID: {0,939732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,939681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,939595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,939555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar468.tmp Handle ID: 4064 Operation ID: {0,939516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab467.tmp Handle ID: 4064 Operation ID: {0,939511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar468.tmp Handle ID: 4064 Operation ID: {0,939506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar468.tmp Handle ID: 4044 Operation ID: {0,939478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab467.tmp Handle ID: 4064 Operation ID: {0,939477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab467.tmp Handle ID: 3968 Operation ID: {0,939476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab467.tmp Handle ID: 3968 Operation ID: {0,939471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar468.tmp Handle ID: 3968 Operation ID: {0,939466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar466.tmp Handle ID: 3968 Operation ID: {0,939464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab467.tmp Handle ID: 3968 Operation ID: {0,939458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab465.tmp Handle ID: 3968 Operation ID: {0,939454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar466.tmp Handle ID: 3968 Operation ID: {0,939438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,939405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,939367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar466.tmp Handle ID: 3460 Operation ID: {0,939318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,939320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab465.tmp Handle ID: 3968 Operation ID: {0,939310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab465.tmp Handle ID: 3600 Operation ID: {0,939309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab465.tmp Handle ID: 3600 Operation ID: {0,939287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar466.tmp Handle ID: 4064 Operation ID: {0,939284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab465.tmp Handle ID: 4064 Operation ID: {0,939278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3968 Operation ID: {0,939245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3968 Operation ID: {0,939213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,939170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar464.tmp Handle ID: 4064 Operation ID: {0,939136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab463.tmp Handle ID: 4064 Operation ID: {0,939131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar464.tmp Handle ID: 4064 Operation ID: {0,939124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar464.tmp Handle ID: 3800 Operation ID: {0,939107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab463.tmp Handle ID: 4064 Operation ID: {0,939102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab463.tmp Handle ID: 3600 Operation ID: {0,939101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab463.tmp Handle ID: 3600 Operation ID: {0,939090} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar464.tmp Handle ID: 3600 Operation ID: {0,939087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab463.tmp Handle ID: 3600 Operation ID: {0,939081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,939028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,938967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar462.tmp Handle ID: 3600 Operation ID: {0,938932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab461.tmp Handle ID: 3600 Operation ID: {0,938927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar462.tmp Handle ID: 3600 Operation ID: {0,938920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar462.tmp Handle ID: 4064 Operation ID: {0,938903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab461.tmp Handle ID: 3600 Operation ID: {0,938898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab461.tmp Handle ID: 4068 Operation ID: {0,938897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab461.tmp Handle ID: 4068 Operation ID: {0,938886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar462.tmp Handle ID: 4068 Operation ID: {0,938883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab461.tmp Handle ID: 4068 Operation ID: {0,938877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,938842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,938804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,938765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar460.tmp Handle ID: 3920 Operation ID: {0,938679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45F.tmp Handle ID: 3920 Operation ID: {0,938676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar460.tmp Handle ID: 3920 Operation ID: {0,938671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar460.tmp Handle ID: 4064 Operation ID: {0,938658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45F.tmp Handle ID: 3920 Operation ID: {0,938655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45F.tmp Handle ID: 4068 Operation ID: {0,938654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45F.tmp Handle ID: 4068 Operation ID: {0,938643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar460.tmp Handle ID: 4068 Operation ID: {0,938640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45F.tmp Handle ID: 4068 Operation ID: {0,938636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,938583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,938511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45E.tmp Handle ID: 3460 Operation ID: {0,938477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45D.tmp Handle ID: 3460 Operation ID: {0,938472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45E.tmp Handle ID: 3460 Operation ID: {0,938467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45E.tmp Handle ID: 3920 Operation ID: {0,938454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45D.tmp Handle ID: 3460 Operation ID: {0,938451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45D.tmp Handle ID: 3476 Operation ID: {0,938450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45D.tmp Handle ID: 3476 Operation ID: {0,938439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45E.tmp Handle ID: 3476 Operation ID: {0,938434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45D.tmp Handle ID: 3476 Operation ID: {0,938430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,938395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,938357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,938314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,938261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45C.tmp Handle ID: 3920 Operation ID: {0,938234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45B.tmp Handle ID: 3920 Operation ID: {0,938229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45C.tmp Handle ID: 3920 Operation ID: {0,938224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45C.tmp Handle ID: 4068 Operation ID: {0,938211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45B.tmp Handle ID: 3920 Operation ID: {0,938208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45B.tmp Handle ID: 4044 Operation ID: {0,938207} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45B.tmp Handle ID: 4044 Operation ID: {0,938196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45C.tmp Handle ID: 4044 Operation ID: {0,938191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45B.tmp Handle ID: 4044 Operation ID: {0,938187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,938134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,938068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45A.tmp Handle ID: 4068 Operation ID: {0,938038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab459.tmp Handle ID: 4068 Operation ID: {0,938031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45A.tmp Handle ID: 4068 Operation ID: {0,938028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45A.tmp Handle ID: 4044 Operation ID: {0,938015} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab459.tmp Handle ID: 4068 Operation ID: {0,938012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab459.tmp Handle ID: 3968 Operation ID: {0,938011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab459.tmp Handle ID: 3968 Operation ID: {0,938002} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar45A.tmp Handle ID: 3968 Operation ID: {0,937997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab459.tmp Handle ID: 3968 Operation ID: {0,937993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar458.tmp Handle ID: 3760 Operation ID: {0,937952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab457.tmp Handle ID: 3760 Operation ID: {0,937945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar458.tmp Handle ID: 3760 Operation ID: {0,937942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar458.tmp Handle ID: 4064 Operation ID: {0,937927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab457.tmp Handle ID: 3760 Operation ID: {0,937924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab457.tmp Handle ID: 3968 Operation ID: {0,937923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab457.tmp Handle ID: 3968 Operation ID: {0,937912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar458.tmp Handle ID: 3968 Operation ID: {0,937911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab457.tmp Handle ID: 3968 Operation ID: {0,937907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,937856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,937788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4004 Operation ID: {0,937776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,937733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,937677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar456.tmp Handle ID: 3692 Operation ID: {0,937636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab455.tmp Handle ID: 3692 Operation ID: {0,937635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar456.tmp Handle ID: 3692 Operation ID: {0,937634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar456.tmp Handle ID: 3968 Operation ID: {0,937627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab455.tmp Handle ID: 3692 Operation ID: {0,937626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab455.tmp Handle ID: 3952 Operation ID: {0,937624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab455.tmp Handle ID: 3952 Operation ID: {0,937609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar456.tmp Handle ID: 3684 Operation ID: {0,937599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab455.tmp Handle ID: 3684 Operation ID: {0,937590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,937586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,937532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar454.tmp Handle ID: 4024 Operation ID: {0,937494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab453.tmp Handle ID: 4024 Operation ID: {0,937485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar454.tmp Handle ID: 4024 Operation ID: {0,937482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar454.tmp Handle ID: 3760 Operation ID: {0,937463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab453.tmp Handle ID: 4024 Operation ID: {0,937460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab453.tmp Handle ID: 3460 Operation ID: {0,937459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab453.tmp Handle ID: 3460 Operation ID: {0,937447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar454.tmp Handle ID: 3460 Operation ID: {0,937445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab453.tmp Handle ID: 3460 Operation ID: {0,937438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,937401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,937355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,937292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,937252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar452.tmp Handle ID: 4064 Operation ID: {0,937209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab451.tmp Handle ID: 4064 Operation ID: {0,937204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar452.tmp Handle ID: 4064 Operation ID: {0,937199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar452.tmp Handle ID: 3476 Operation ID: {0,937186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab451.tmp Handle ID: 4064 Operation ID: {0,937183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab451.tmp Handle ID: 4004 Operation ID: {0,937182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab451.tmp Handle ID: 4004 Operation ID: {0,937169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar452.tmp Handle ID: 4004 Operation ID: {0,937166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab451.tmp Handle ID: 4004 Operation ID: {0,937162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,937127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,937089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,937046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,937005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar450.tmp Handle ID: 3460 Operation ID: {0,936978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44F.tmp Handle ID: 3460 Operation ID: {0,936973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar450.tmp Handle ID: 3460 Operation ID: {0,936968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar450.tmp Handle ID: 3692 Operation ID: {0,936952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44F.tmp Handle ID: 3460 Operation ID: {0,936947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44F.tmp Handle ID: 3800 Operation ID: {0,936946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44F.tmp Handle ID: 3800 Operation ID: {0,936931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar450.tmp Handle ID: 3800 Operation ID: {0,936926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44F.tmp Handle ID: 4004 Operation ID: {0,936915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,936874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44E.tmp Handle ID: 4004 Operation ID: {0,936843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44D.tmp Handle ID: 4004 Operation ID: {0,936838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44E.tmp Handle ID: 4004 Operation ID: {0,936833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44E.tmp Handle ID: 3920 Operation ID: {0,936815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44D.tmp Handle ID: 4004 Operation ID: {0,936814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44D.tmp Handle ID: 3832 Operation ID: {0,936812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44D.tmp Handle ID: 4080 Operation ID: {0,936801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44E.tmp Handle ID: 4080 Operation ID: {0,936798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44D.tmp Handle ID: 4080 Operation ID: {0,936795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4004 Operation ID: {0,936756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,936715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3824 Operation ID: {0,936600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,936586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44C.tmp Handle ID: 4076 Operation ID: {0,936514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44B.tmp Handle ID: 4076 Operation ID: {0,936504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44C.tmp Handle ID: 4076 Operation ID: {0,936499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44A.tmp Handle ID: 4024 Operation ID: {0,936492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab449.tmp Handle ID: 4024 Operation ID: {0,936487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44A.tmp Handle ID: 4024 Operation ID: {0,936480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44C.tmp Handle ID: 3760 Operation ID: {0,936463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44B.tmp Handle ID: 4076 Operation ID: {0,936460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44B.tmp Handle ID: 3920 Operation ID: {0,936459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44B.tmp Handle ID: 3920 Operation ID: {0,936446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44C.tmp Handle ID: 3920 Operation ID: {0,936443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab44B.tmp Handle ID: 3920 Operation ID: {0,936439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44A.tmp Handle ID: 4064 Operation ID: {0,936419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab449.tmp Handle ID: 4024 Operation ID: {0,936414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab449.tmp Handle ID: 3728 Operation ID: {0,936413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,936389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab449.tmp Handle ID: 4024 Operation ID: {0,936374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44A.tmp Handle ID: 3728 Operation ID: {0,936360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab449.tmp Handle ID: 3760 Operation ID: {0,936330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,936338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,936294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,936243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3824 Operation ID: {0,936197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,936173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar448.tmp Handle ID: 4064 Operation ID: {0,936132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab447.tmp Handle ID: 4064 Operation ID: {0,936127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar448.tmp Handle ID: 4064 Operation ID: {0,936122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar448.tmp Handle ID: 3580 Operation ID: {0,936087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab447.tmp Handle ID: 4064 Operation ID: {0,936083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab447.tmp Handle ID: 3968 Operation ID: {0,936082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab447.tmp Handle ID: 3968 Operation ID: {0,936072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,936073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar448.tmp Handle ID: 4064 Operation ID: {0,936067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab447.tmp Handle ID: 4060 Operation ID: {0,936063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,936001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar446.tmp Handle ID: 4032 Operation ID: {0,935985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab445.tmp Handle ID: 4032 Operation ID: {0,935984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar446.tmp Handle ID: 4032 Operation ID: {0,935983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar446.tmp Handle ID: 4012 Operation ID: {0,935975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab445.tmp Handle ID: 4032 Operation ID: {0,935974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab445.tmp Handle ID: 3952 Operation ID: {0,935973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab445.tmp Handle ID: 3952 Operation ID: {0,935970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar446.tmp Handle ID: 3952 Operation ID: {0,935966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab445.tmp Handle ID: 3952 Operation ID: {0,935962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,935909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,935799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,935774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar444.tmp Handle ID: 3976 Operation ID: {0,935707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab443.tmp Handle ID: 3976 Operation ID: {0,935706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar444.tmp Handle ID: 3976 Operation ID: {0,935698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar442.tmp Handle ID: 3760 Operation ID: {0,935697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab441.tmp Handle ID: 3760 Operation ID: {0,935696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar442.tmp Handle ID: 3760 Operation ID: {0,935695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar444.tmp Handle ID: 4076 Operation ID: {0,935694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab443.tmp Handle ID: 3976 Operation ID: {0,935693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab443.tmp Handle ID: 3832 Operation ID: {0,935692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab443.tmp Handle ID: 3832 Operation ID: {0,935689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar444.tmp Handle ID: 3832 Operation ID: {0,935688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab443.tmp Handle ID: 3832 Operation ID: {0,935686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar442.tmp Handle ID: 3580 Operation ID: {0,935658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab441.tmp Handle ID: 3760 Operation ID: {0,935656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab441.tmp Handle ID: 3800 Operation ID: {0,935655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,935652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab441.tmp Handle ID: 3976 Operation ID: {0,935633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar442.tmp Handle ID: 3760 Operation ID: {0,935621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab441.tmp Handle ID: 3760 Operation ID: {0,935614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,935585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,935550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,935502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,935478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,935424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,935359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar440.tmp Handle ID: 3976 Operation ID: {0,935327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43F.tmp Handle ID: 3976 Operation ID: {0,935318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar440.tmp Handle ID: 3976 Operation ID: {0,935311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar440.tmp Handle ID: 3832 Operation ID: {0,935294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43F.tmp Handle ID: 3976 Operation ID: {0,935289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43F.tmp Handle ID: 3800 Operation ID: {0,935288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43F.tmp Handle ID: 3800 Operation ID: {0,935275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar440.tmp Handle ID: 3800 Operation ID: {0,935272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43F.tmp Handle ID: 3800 Operation ID: {0,935266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,935205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,935130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43E.tmp Handle ID: 3832 Operation ID: {0,935080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43D.tmp Handle ID: 3832 Operation ID: {0,935071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43E.tmp Handle ID: 3832 Operation ID: {0,935064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43E.tmp Handle ID: 3800 Operation ID: {0,935047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43D.tmp Handle ID: 3832 Operation ID: {0,935042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43D.tmp Handle ID: 3728 Operation ID: {0,935041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43D.tmp Handle ID: 3728 Operation ID: {0,935030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43E.tmp Handle ID: 3728 Operation ID: {0,935027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43D.tmp Handle ID: 3728 Operation ID: {0,935021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,934986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,934952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,934909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43C.tmp Handle ID: 3800 Operation ID: {0,934871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43B.tmp Handle ID: 3800 Operation ID: {0,934862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43C.tmp Handle ID: 3800 Operation ID: {0,934855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43C.tmp Handle ID: 4024 Operation ID: {0,934840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43B.tmp Handle ID: 3800 Operation ID: {0,934833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43B.tmp Handle ID: 4076 Operation ID: {0,934832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43B.tmp Handle ID: 4076 Operation ID: {0,934810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43C.tmp Handle ID: 4004 Operation ID: {0,934792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43B.tmp Handle ID: 4076 Operation ID: {0,934787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,934680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,934612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43A.tmp Handle ID: 4076 Operation ID: {0,934570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab439.tmp Handle ID: 4076 Operation ID: {0,934561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43A.tmp Handle ID: 4076 Operation ID: {0,934426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43A.tmp Handle ID: 4032 Operation ID: {0,934409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab439.tmp Handle ID: 4076 Operation ID: {0,934404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab439.tmp Handle ID: 3728 Operation ID: {0,934403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab439.tmp Handle ID: 3728 Operation ID: {0,934392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar43A.tmp Handle ID: 3728 Operation ID: {0,934389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab439.tmp Handle ID: 3728 Operation ID: {0,934383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,934347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,934309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,934268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar438.tmp Handle ID: 3732 Operation ID: {0,934167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab437.tmp Handle ID: 3732 Operation ID: {0,934162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar438.tmp Handle ID: 3732 Operation ID: {0,934157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar438.tmp Handle ID: 3728 Operation ID: {0,934144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab437.tmp Handle ID: 3732 Operation ID: {0,934141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab437.tmp Handle ID: 3992 Operation ID: {0,934140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab437.tmp Handle ID: 3992 Operation ID: {0,934131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar438.tmp Handle ID: 3992 Operation ID: {0,934126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab437.tmp Handle ID: 3992 Operation ID: {0,934118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,934064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,933997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar436.tmp Handle ID: 4032 Operation ID: {0,933956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab435.tmp Handle ID: 4032 Operation ID: {0,933951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar436.tmp Handle ID: 4032 Operation ID: {0,933946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar436.tmp Handle ID: 3992 Operation ID: {0,933931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab435.tmp Handle ID: 4032 Operation ID: {0,933928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab435.tmp Handle ID: 4080 Operation ID: {0,933927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab435.tmp Handle ID: 4080 Operation ID: {0,933918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar436.tmp Handle ID: 4080 Operation ID: {0,933915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab435.tmp Handle ID: 4080 Operation ID: {0,933911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3992 Operation ID: {0,933876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3992 Operation ID: {0,933838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,933795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,933745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar434.tmp Handle ID: 3992 Operation ID: {0,933716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab433.tmp Handle ID: 3992 Operation ID: {0,933711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar434.tmp Handle ID: 3992 Operation ID: {0,933706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar434.tmp Handle ID: 4068 Operation ID: {0,933693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab433.tmp Handle ID: 3992 Operation ID: {0,933690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab433.tmp Handle ID: 3976 Operation ID: {0,933689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab433.tmp Handle ID: 3976 Operation ID: {0,933678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar434.tmp Handle ID: 3976 Operation ID: {0,933675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab433.tmp Handle ID: 3976 Operation ID: {0,933671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,933618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,933550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar432.tmp Handle ID: 4000 Operation ID: {0,933507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab431.tmp Handle ID: 3912 Operation ID: {0,933504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar432.tmp Handle ID: 3912 Operation ID: {0,933501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar432.tmp Handle ID: 3996 Operation ID: {0,933486} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab431.tmp Handle ID: 3912 Operation ID: {0,933483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab431.tmp Handle ID: 3660 Operation ID: {0,933482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab431.tmp Handle ID: 3660 Operation ID: {0,933471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar432.tmp Handle ID: 3660 Operation ID: {0,933466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab431.tmp Handle ID: 3660 Operation ID: {0,933462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,933427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,933389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,933346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,933298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar430.tmp Handle ID: 3660 Operation ID: {0,933271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42F.tmp Handle ID: 3660 Operation ID: {0,933266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar430.tmp Handle ID: 3660 Operation ID: {0,933263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar430.tmp Handle ID: 3996 Operation ID: {0,933248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42F.tmp Handle ID: 3660 Operation ID: {0,933245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42F.tmp Handle ID: 3912 Operation ID: {0,933244} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42F.tmp Handle ID: 3912 Operation ID: {0,933233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar430.tmp Handle ID: 3912 Operation ID: {0,933228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42F.tmp Handle ID: 3912 Operation ID: {0,933224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,933171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,933099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42E.tmp Handle ID: 3996 Operation ID: {0,933053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42D.tmp Handle ID: 3996 Operation ID: {0,933044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42E.tmp Handle ID: 3996 Operation ID: {0,933039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42E.tmp Handle ID: 3912 Operation ID: {0,933022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42D.tmp Handle ID: 3996 Operation ID: {0,933019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42D.tmp Handle ID: 4068 Operation ID: {0,933018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42D.tmp Handle ID: 4068 Operation ID: {0,933003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42E.tmp Handle ID: 4068 Operation ID: {0,933000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42D.tmp Handle ID: 4068 Operation ID: {0,932992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,932956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,932917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,932874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4028 Operation ID: {0,932814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42C.tmp Handle ID: 3912 Operation ID: {0,932785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42B.tmp Handle ID: 3912 Operation ID: {0,932776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42C.tmp Handle ID: 3912 Operation ID: {0,932769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42C.tmp Handle ID: 4028 Operation ID: {0,932756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42B.tmp Handle ID: 3912 Operation ID: {0,932753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42B.tmp Handle ID: 3832 Operation ID: {0,932752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42B.tmp Handle ID: 3832 Operation ID: {0,932741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42C.tmp Handle ID: 3832 Operation ID: {0,932738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab42B.tmp Handle ID: 3832 Operation ID: {0,932734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,932681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,932612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42A.tmp Handle ID: 4068 Operation ID: {0,932569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab429.tmp Handle ID: 4068 Operation ID: {0,932564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42A.tmp Handle ID: 4068 Operation ID: {0,932559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42A.tmp Handle ID: 3912 Operation ID: {0,932546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab429.tmp Handle ID: 4068 Operation ID: {0,932543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab429.tmp Handle ID: 4000 Operation ID: {0,932542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab429.tmp Handle ID: 4000 Operation ID: {0,932531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42A.tmp Handle ID: 4000 Operation ID: {0,932526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab429.tmp Handle ID: 4000 Operation ID: {0,932522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,932487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,932449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,932406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar428.tmp Handle ID: 4000 Operation ID: {0,932368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab427.tmp Handle ID: 4000 Operation ID: {0,932363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar428.tmp Handle ID: 4000 Operation ID: {0,932358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar428.tmp Handle ID: 3912 Operation ID: {0,932345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab427.tmp Handle ID: 4000 Operation ID: {0,932342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab427.tmp Handle ID: 4068 Operation ID: {0,932339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab427.tmp Handle ID: 4068 Operation ID: {0,932334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar428.tmp Handle ID: 4068 Operation ID: {0,932331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab427.tmp Handle ID: 4068 Operation ID: {0,932327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,932274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,932213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar426.tmp Handle ID: 3912 Operation ID: {0,932168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab425.tmp Handle ID: 3912 Operation ID: {0,932163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar426.tmp Handle ID: 3912 Operation ID: {0,932158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar426.tmp Handle ID: 4068 Operation ID: {0,932145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab425.tmp Handle ID: 3912 Operation ID: {0,932142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab425.tmp Handle ID: 3996 Operation ID: {0,932141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab425.tmp Handle ID: 3996 Operation ID: {0,932128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar426.tmp Handle ID: 3996 Operation ID: {0,932126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab425.tmp Handle ID: 3996 Operation ID: {0,932121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,932086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,932048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,932007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar424.tmp Handle ID: 4072 Operation ID: {0,929792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab423.tmp Handle ID: 4072 Operation ID: {0,929787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar424.tmp Handle ID: 4072 Operation ID: {0,929782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar424.tmp Handle ID: 4028 Operation ID: {0,929769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab423.tmp Handle ID: 4072 Operation ID: {0,929766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab423.tmp Handle ID: 3832 Operation ID: {0,929765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab423.tmp Handle ID: 3832 Operation ID: {0,929754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar424.tmp Handle ID: 3832 Operation ID: {0,929753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab423.tmp Handle ID: 3832 Operation ID: {0,929749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,929696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,929632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar422.tmp Handle ID: 4028 Operation ID: {0,929594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab421.tmp Handle ID: 4028 Operation ID: {0,929585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar422.tmp Handle ID: 4028 Operation ID: {0,929578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar422.tmp Handle ID: 3832 Operation ID: {0,929561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab421.tmp Handle ID: 4028 Operation ID: {0,929556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab421.tmp Handle ID: 3976 Operation ID: {0,929555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab421.tmp Handle ID: 3976 Operation ID: {0,929544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar422.tmp Handle ID: 3976 Operation ID: {0,929541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab421.tmp Handle ID: 3976 Operation ID: {0,929535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,929504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,929468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,929425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,929373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar420.tmp Handle ID: 3976 Operation ID: {0,929346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41F.tmp Handle ID: 3976 Operation ID: {0,929341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar420.tmp Handle ID: 3976 Operation ID: {0,929336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar420.tmp Handle ID: 3912 Operation ID: {0,929323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41F.tmp Handle ID: 3976 Operation ID: {0,929320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41F.tmp Handle ID: 4028 Operation ID: {0,929319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41F.tmp Handle ID: 4028 Operation ID: {0,929308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar420.tmp Handle ID: 4028 Operation ID: {0,929307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41F.tmp Handle ID: 4028 Operation ID: {0,929303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4024 Operation ID: {0,929250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,929184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41E.tmp Handle ID: 3732 Operation ID: {0,929142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41D.tmp Handle ID: 3732 Operation ID: {0,929133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41E.tmp Handle ID: 3732 Operation ID: {0,929126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41E.tmp Handle ID: 3728 Operation ID: {0,929109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41D.tmp Handle ID: 3732 Operation ID: {0,929104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41D.tmp Handle ID: 4024 Operation ID: {0,929103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4024 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41D.tmp Handle ID: 4024 Operation ID: {0,929092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41E.tmp Handle ID: 4024 Operation ID: {0,929089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4024 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41D.tmp Handle ID: 4024 Operation ID: {0,929083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,929048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,929010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,928917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41C.tmp Handle ID: 3912 Operation ID: {0,928888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41B.tmp Handle ID: 3912 Operation ID: {0,928879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41C.tmp Handle ID: 3912 Operation ID: {0,928872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41C.tmp Handle ID: 4008 Operation ID: {0,928855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41B.tmp Handle ID: 3912 Operation ID: {0,928850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41B.tmp Handle ID: 3728 Operation ID: {0,928849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41B.tmp Handle ID: 3728 Operation ID: {0,928838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41C.tmp Handle ID: 3728 Operation ID: {0,928835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41B.tmp Handle ID: 3728 Operation ID: {0,928829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41A.tmp Handle ID: 3728 Operation ID: {0,928673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab419.tmp Handle ID: 3728 Operation ID: {0,928664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41A.tmp Handle ID: 3728 Operation ID: {0,928657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41A.tmp Handle ID: 3912 Operation ID: {0,928640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab419.tmp Handle ID: 3728 Operation ID: {0,928635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab419.tmp Handle ID: 3580 Operation ID: {0,928634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab419.tmp Handle ID: 3580 Operation ID: {0,928623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar41A.tmp Handle ID: 3580 Operation ID: {0,928620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab419.tmp Handle ID: 3580 Operation ID: {0,928614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,928579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,928541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4032 Operation ID: {0,928453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar418.tmp Handle ID: 3580 Operation ID: {0,928424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab417.tmp Handle ID: 3580 Operation ID: {0,928415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar418.tmp Handle ID: 3580 Operation ID: {0,928406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4032 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4032 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar418.tmp Handle ID: 4032 Operation ID: {0,928393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab417.tmp Handle ID: 3580 Operation ID: {0,928386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab417.tmp Handle ID: 4080 Operation ID: {0,928385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4080 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab417.tmp Handle ID: 4080 Operation ID: {0,928376} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar418.tmp Handle ID: 4080 Operation ID: {0,928371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4080 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab417.tmp Handle ID: 4080 Operation ID: {0,928367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar416.tmp Handle ID: 3728 Operation ID: {0,928205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab415.tmp Handle ID: 3728 Operation ID: {0,928196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar416.tmp Handle ID: 3728 Operation ID: {0,928189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar416.tmp Handle ID: 3580 Operation ID: {0,928174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab415.tmp Handle ID: 3728 Operation ID: {0,928167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab415.tmp Handle ID: 3732 Operation ID: {0,928166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab415.tmp Handle ID: 3732 Operation ID: {0,928157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar416.tmp Handle ID: 3732 Operation ID: {0,928150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab415.tmp Handle ID: 3732 Operation ID: {0,928146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,928111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,928073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,928030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar414.tmp Handle ID: 3732 Operation ID: {0,927992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab413.tmp Handle ID: 3732 Operation ID: {0,927983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar414.tmp Handle ID: 3732 Operation ID: {0,927976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar414.tmp Handle ID: 3416 Operation ID: {0,927959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab413.tmp Handle ID: 3732 Operation ID: {0,927954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab413.tmp Handle ID: 4072 Operation ID: {0,927953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab413.tmp Handle ID: 4072 Operation ID: {0,927942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar414.tmp Handle ID: 4072 Operation ID: {0,927939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab413.tmp Handle ID: 4072 Operation ID: {0,927933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,927880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,927812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar412.tmp Handle ID: 3416 Operation ID: {0,927768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab411.tmp Handle ID: 3416 Operation ID: {0,927759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar412.tmp Handle ID: 3416 Operation ID: {0,927752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar412.tmp Handle ID: 4072 Operation ID: {0,927737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab411.tmp Handle ID: 3416 Operation ID: {0,927730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab411.tmp Handle ID: 3912 Operation ID: {0,927729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab411.tmp Handle ID: 3912 Operation ID: {0,927720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar412.tmp Handle ID: 3912 Operation ID: {0,927715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab411.tmp Handle ID: 3912 Operation ID: {0,927709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,927674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,927636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,927595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar410.tmp Handle ID: 3728 Operation ID: {0,927531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40F.tmp Handle ID: 3728 Operation ID: {0,927524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar410.tmp Handle ID: 3728 Operation ID: {0,927517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar410.tmp Handle ID: 3760 Operation ID: {0,927504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40F.tmp Handle ID: 3728 Operation ID: {0,927501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40F.tmp Handle ID: 4008 Operation ID: {0,927500} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40F.tmp Handle ID: 4008 Operation ID: {0,927489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar410.tmp Handle ID: 4008 Operation ID: {0,927484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40F.tmp Handle ID: 4008 Operation ID: {0,927480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,927423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3968 Operation ID: {0,927356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40E.tmp Handle ID: 3992 Operation ID: {0,927122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40D.tmp Handle ID: 3992 Operation ID: {0,927113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40E.tmp Handle ID: 3992 Operation ID: {0,927110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40E.tmp Handle ID: 3728 Operation ID: {0,927093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40D.tmp Handle ID: 3992 Operation ID: {0,927092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40D.tmp Handle ID: 3800 Operation ID: {0,927091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40D.tmp Handle ID: 3800 Operation ID: {0,927082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40E.tmp Handle ID: 3800 Operation ID: {0,927075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40D.tmp Handle ID: 3800 Operation ID: {0,927071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,927036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,926998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,926955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,926909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40C.tmp Handle ID: 3800 Operation ID: {0,926884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40B.tmp Handle ID: 3800 Operation ID: {0,926877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40C.tmp Handle ID: 3800 Operation ID: {0,926872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40C.tmp Handle ID: 4008 Operation ID: {0,926752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40B.tmp Handle ID: 3800 Operation ID: {0,926748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40B.tmp Handle ID: 3952 Operation ID: {0,926743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40B.tmp Handle ID: 4008 Operation ID: {0,926722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40C.tmp Handle ID: 3952 Operation ID: {0,926714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab40B.tmp Handle ID: 3952 Operation ID: {0,926706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,926653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,926588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar408.tmp Handle ID: 3992 Operation ID: {0,926503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab407.tmp Handle ID: 3992 Operation ID: {0,926502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40A.tmp Handle ID: 3992 Operation ID: {0,926501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar408.tmp Handle ID: 3600 Operation ID: {0,926500} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab409.tmp Handle ID: 3600 Operation ID: {0,926498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40A.tmp Handle ID: 3600 Operation ID: {0,926492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40A.tmp Handle ID: 4044 Operation ID: {0,926471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab409.tmp Handle ID: 3600 Operation ID: {0,926468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab409.tmp Handle ID: 4060 Operation ID: {0,926467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab409.tmp Handle ID: 4060 Operation ID: {0,926454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40A.tmp Handle ID: 4060 Operation ID: {0,926451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab409.tmp Handle ID: 4060 Operation ID: {0,926443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar408.tmp Handle ID: 3800 Operation ID: {0,926437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab407.tmp Handle ID: 3992 Operation ID: {0,926434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab407.tmp Handle ID: 3952 Operation ID: {0,926433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab407.tmp Handle ID: 4044 Operation ID: {0,926407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar408.tmp Handle ID: 4044 Operation ID: {0,926383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,926386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab407.tmp Handle ID: 3800 Operation ID: {0,926369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4044 Operation ID: {0,926324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,926252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,926241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3968 Operation ID: {0,926183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar406.tmp Handle ID: 4044 Operation ID: {0,926152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab405.tmp Handle ID: 4044 Operation ID: {0,926145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar406.tmp Handle ID: 4044 Operation ID: {0,926138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar406.tmp Handle ID: 3968 Operation ID: {0,926125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab405.tmp Handle ID: 4044 Operation ID: {0,926122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab405.tmp Handle ID: 4012 Operation ID: {0,926121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab405.tmp Handle ID: 4012 Operation ID: {0,926108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar406.tmp Handle ID: 4012 Operation ID: {0,926106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab405.tmp Handle ID: 4012 Operation ID: {0,926083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,926032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,925992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4004 Operation ID: {0,925923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar404.tmp Handle ID: 4060 Operation ID: {0,925891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab403.tmp Handle ID: 4060 Operation ID: {0,925882} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar404.tmp Handle ID: 4060 Operation ID: {0,925875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar404.tmp Handle ID: 4076 Operation ID: {0,925857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab403.tmp Handle ID: 4060 Operation ID: {0,925851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab403.tmp Handle ID: 3684 Operation ID: {0,925850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab403.tmp Handle ID: 3684 Operation ID: {0,925839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar404.tmp Handle ID: 3684 Operation ID: {0,925836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab403.tmp Handle ID: 3684 Operation ID: {0,925825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar402.tmp Handle ID: 4008 Operation ID: {0,925795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab401.tmp Handle ID: 4008 Operation ID: {0,925790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar402.tmp Handle ID: 4008 Operation ID: {0,925785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar402.tmp Handle ID: 3992 Operation ID: {0,925763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab401.tmp Handle ID: 4008 Operation ID: {0,925759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab401.tmp Handle ID: 3764 Operation ID: {0,925757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab401.tmp Handle ID: 3476 Operation ID: {0,925734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar402.tmp Handle ID: 3764 Operation ID: {0,925730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab401.tmp Handle ID: 3476 Operation ID: {0,925718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,925714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3992 Operation ID: {0,925647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,925635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,925576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,925559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,925516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,925471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar400.tmp Handle ID: 3952 Operation ID: {0,925427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FF.tmp Handle ID: 3684 Operation ID: {0,925396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar400.tmp Handle ID: 3684 Operation ID: {0,925389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,925386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar400.tmp Handle ID: 4012 Operation ID: {0,925349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FE.tmp Handle ID: 4012 Operation ID: {0,925346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FF.tmp Handle ID: 3760 Operation ID: {0,925343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FF.tmp Handle ID: 3684 Operation ID: {0,925342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FD.tmp Handle ID: 3760 Operation ID: {0,925340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FE.tmp Handle ID: 3760 Operation ID: {0,925338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FF.tmp Handle ID: 3760 Operation ID: {0,925329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar400.tmp Handle ID: 3760 Operation ID: {0,925322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FF.tmp Handle ID: 3760 Operation ID: {0,925318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,925265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FE.tmp Handle ID: 3992 Operation ID: {0,925252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FD.tmp Handle ID: 3684 Operation ID: {0,925249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FD.tmp Handle ID: 4012 Operation ID: {0,925248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FD.tmp Handle ID: 4012 Operation ID: {0,925235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FE.tmp Handle ID: 4012 Operation ID: {0,925234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FD.tmp Handle ID: 4012 Operation ID: {0,925228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,925173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,925109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,925046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FA.tmp Handle ID: 3728 Operation ID: {0,924974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FC.tmp Handle ID: 3692 Operation ID: {0,924954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FB.tmp Handle ID: 3692 Operation ID: {0,924942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FC.tmp Handle ID: 3692 Operation ID: {0,924934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FC.tmp Handle ID: 4004 Operation ID: {0,924912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FB.tmp Handle ID: 3692 Operation ID: {0,924911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FB.tmp Handle ID: 3684 Operation ID: {0,924910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FB.tmp Handle ID: 3684 Operation ID: {0,924907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FC.tmp Handle ID: 3684 Operation ID: {0,924904} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3FB.tmp Handle ID: 3684 Operation ID: {0,924902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F9.tmp Handle ID: 3728 Operation ID: {0,924872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FA.tmp Handle ID: 3728 Operation ID: {0,924855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FA.tmp Handle ID: 3692 Operation ID: {0,924763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F9.tmp Handle ID: 3728 Operation ID: {0,924760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F9.tmp Handle ID: 3684 Operation ID: {0,924759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F9.tmp Handle ID: 3684 Operation ID: {0,924748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3FA.tmp Handle ID: 3684 Operation ID: {0,924745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F9.tmp Handle ID: 3684 Operation ID: {0,924739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,924633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,924590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4004 Operation ID: {0,924546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,924520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,924460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,924359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F8.tmp Handle ID: 4008 Operation ID: {0,924312} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F7.tmp Handle ID: 4008 Operation ID: {0,924307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F8.tmp Handle ID: 4008 Operation ID: {0,924302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F8.tmp Handle ID: 4004 Operation ID: {0,924289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F7.tmp Handle ID: 4008 Operation ID: {0,924286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F7.tmp Handle ID: 4044 Operation ID: {0,924285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F7.tmp Handle ID: 4044 Operation ID: {0,924276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F8.tmp Handle ID: 4044 Operation ID: {0,924270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F7.tmp Handle ID: 4044 Operation ID: {0,924265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,924210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,924173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F6.tmp Handle ID: 3760 Operation ID: {0,924140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F5.tmp Handle ID: 3760 Operation ID: {0,924133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F6.tmp Handle ID: 3760 Operation ID: {0,924128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F6.tmp Handle ID: 3952 Operation ID: {0,924113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F5.tmp Handle ID: 3760 Operation ID: {0,924110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F5.tmp Handle ID: 3728 Operation ID: {0,924109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F5.tmp Handle ID: 3728 Operation ID: {0,924096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F6.tmp Handle ID: 3728 Operation ID: {0,924092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F5.tmp Handle ID: 3728 Operation ID: {0,924088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,924035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,923970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F4.tmp Handle ID: 4008 Operation ID: {0,923920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F3.tmp Handle ID: 4008 Operation ID: {0,923915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F4.tmp Handle ID: 4008 Operation ID: {0,923910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F4.tmp Handle ID: 3684 Operation ID: {0,923897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F3.tmp Handle ID: 4008 Operation ID: {0,923894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F3.tmp Handle ID: 3692 Operation ID: {0,923893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F3.tmp Handle ID: 3692 Operation ID: {0,923884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F4.tmp Handle ID: 3692 Operation ID: {0,923879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F3.tmp Handle ID: 3692 Operation ID: {0,923875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3992 Operation ID: {0,923726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F2.tmp Handle ID: 4004 Operation ID: {0,923651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F1.tmp Handle ID: 4004 Operation ID: {0,923642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F2.tmp Handle ID: 4004 Operation ID: {0,923635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F2.tmp Handle ID: 3968 Operation ID: {0,923620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F1.tmp Handle ID: 4004 Operation ID: {0,923613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F1.tmp Handle ID: 3764 Operation ID: {0,923612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F1.tmp Handle ID: 3764 Operation ID: {0,923603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F2.tmp Handle ID: 3764 Operation ID: {0,923598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F1.tmp Handle ID: 3764 Operation ID: {0,923592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,923554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,923516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,923427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F0.tmp Handle ID: 4004 Operation ID: {0,923398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EF.tmp Handle ID: 4004 Operation ID: {0,923389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F0.tmp Handle ID: 4004 Operation ID: {0,923382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F0.tmp Handle ID: 4012 Operation ID: {0,923367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EF.tmp Handle ID: 4004 Operation ID: {0,923360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EF.tmp Handle ID: 3764 Operation ID: {0,923359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EF.tmp Handle ID: 3764 Operation ID: {0,923350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3F0.tmp Handle ID: 3764 Operation ID: {0,923343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EF.tmp Handle ID: 3764 Operation ID: {0,923339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EE.tmp Handle ID: 4012 Operation ID: {0,923179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3ED.tmp Handle ID: 4012 Operation ID: {0,923170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EE.tmp Handle ID: 4012 Operation ID: {0,923163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EE.tmp Handle ID: 3764 Operation ID: {0,923146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3ED.tmp Handle ID: 4012 Operation ID: {0,923141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3ED.tmp Handle ID: 4076 Operation ID: {0,923140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3ED.tmp Handle ID: 4076 Operation ID: {0,923129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EE.tmp Handle ID: 4076 Operation ID: {0,923126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3ED.tmp Handle ID: 4076 Operation ID: {0,923120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,923085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,923047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,923002} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EC.tmp Handle ID: 3764 Operation ID: {0,922970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EB.tmp Handle ID: 3764 Operation ID: {0,922964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EC.tmp Handle ID: 3764 Operation ID: {0,922960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EC.tmp Handle ID: 3800 Operation ID: {0,922945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EB.tmp Handle ID: 3764 Operation ID: {0,922942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EB.tmp Handle ID: 4008 Operation ID: {0,922941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EB.tmp Handle ID: 4008 Operation ID: {0,922930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EC.tmp Handle ID: 4008 Operation ID: {0,922925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3EB.tmp Handle ID: 4008 Operation ID: {0,922921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,922867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,922793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EA.tmp Handle ID: 4076 Operation ID: {0,922751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E9.tmp Handle ID: 4076 Operation ID: {0,922742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EA.tmp Handle ID: 4076 Operation ID: {0,922735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EA.tmp Handle ID: 3764 Operation ID: {0,922720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E9.tmp Handle ID: 4076 Operation ID: {0,922713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E9.tmp Handle ID: 4060 Operation ID: {0,922712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E9.tmp Handle ID: 4060 Operation ID: {0,922703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3EA.tmp Handle ID: 4060 Operation ID: {0,922696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E9.tmp Handle ID: 4060 Operation ID: {0,922692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,922657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,922619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,922576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E8.tmp Handle ID: 3732 Operation ID: {0,922492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E7.tmp Handle ID: 3732 Operation ID: {0,922487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E8.tmp Handle ID: 3732 Operation ID: {0,922482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E8.tmp Handle ID: 3764 Operation ID: {0,922469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E7.tmp Handle ID: 3732 Operation ID: {0,922466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E7.tmp Handle ID: 3580 Operation ID: {0,922465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E7.tmp Handle ID: 3580 Operation ID: {0,922456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E8.tmp Handle ID: 3580 Operation ID: {0,922451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E7.tmp Handle ID: 3580 Operation ID: {0,922447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,922394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,922329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E6.tmp Handle ID: 3968 Operation ID: {0,922292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E5.tmp Handle ID: 3968 Operation ID: {0,922287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E6.tmp Handle ID: 3968 Operation ID: {0,922282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E6.tmp Handle ID: 4008 Operation ID: {0,922269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E5.tmp Handle ID: 3968 Operation ID: {0,922266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E5.tmp Handle ID: 3732 Operation ID: {0,922265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E5.tmp Handle ID: 3732 Operation ID: {0,922256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E6.tmp Handle ID: 3732 Operation ID: {0,922251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E5.tmp Handle ID: 3732 Operation ID: {0,922247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,922212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,922174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,922131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4004 Operation ID: {0,922081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E4.tmp Handle ID: 3732 Operation ID: {0,922052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E3.tmp Handle ID: 3732 Operation ID: {0,922047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E4.tmp Handle ID: 3732 Operation ID: {0,922042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E4.tmp Handle ID: 4004 Operation ID: {0,922027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E3.tmp Handle ID: 3732 Operation ID: {0,922024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E3.tmp Handle ID: 4012 Operation ID: {0,922023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E3.tmp Handle ID: 4012 Operation ID: {0,922012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E4.tmp Handle ID: 4012 Operation ID: {0,922009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E3.tmp Handle ID: 4012 Operation ID: {0,922005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,921951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,921329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E2.tmp Handle ID: 4004 Operation ID: {0,920553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E1.tmp Handle ID: 4004 Operation ID: {0,920546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E2.tmp Handle ID: 4004 Operation ID: {0,920539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3968 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3968 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E2.tmp Handle ID: 3968 Operation ID: {0,920524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E1.tmp Handle ID: 4004 Operation ID: {0,920521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E1.tmp Handle ID: 3800 Operation ID: {0,920520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E1.tmp Handle ID: 3800 Operation ID: {0,920509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E2.tmp Handle ID: 3800 Operation ID: {0,920504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3E1.tmp Handle ID: 3800 Operation ID: {0,920433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,920395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,920356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,920313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,919317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DF.tmp Handle ID: 4068 Operation ID: {0,919281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DD.tmp Handle ID: 4068 Operation ID: {0,919268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DF.tmp Handle ID: 4068 Operation ID: {0,919263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DF.tmp Handle ID: 3988 Operation ID: {0,919244} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DD.tmp Handle ID: 4068 Operation ID: {0,919241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DD.tmp Handle ID: 3996 Operation ID: {0,919239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DD.tmp Handle ID: 3996 Operation ID: {0,919196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E0.tmp Handle ID: 3996 Operation ID: {0,919213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DE.tmp Handle ID: 3996 Operation ID: {0,919212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E0.tmp Handle ID: 3996 Operation ID: {0,919211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E0.tmp Handle ID: 3580 Operation ID: {0,919210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DE.tmp Handle ID: 3996 Operation ID: {0,919209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DE.tmp Handle ID: 4068 Operation ID: {0,919208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DE.tmp Handle ID: 4068 Operation ID: {0,919205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E0.tmp Handle ID: 4068 Operation ID: {0,919202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DF.tmp Handle ID: 4068 Operation ID: {0,919189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DE.tmp Handle ID: 4068 Operation ID: {0,919187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DD.tmp Handle ID: 3996 Operation ID: {0,919180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4044 Operation ID: {0,919114} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3920 Operation ID: {0,919072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,919060} Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,918784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DC.tmp Handle ID: 4004 Operation ID: {0,918617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DB.tmp Handle ID: 4004 Operation ID: {0,918612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DC.tmp Handle ID: 4004 Operation ID: {0,918607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DC.tmp Handle ID: 3476 Operation ID: {0,918585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DB.tmp Handle ID: 4004 Operation ID: {0,918580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DB.tmp Handle ID: 3684 Operation ID: {0,918578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DB.tmp Handle ID: 3684 Operation ID: {0,918564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DC.tmp Handle ID: 3684 Operation ID: {0,918563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3DB.tmp Handle ID: 3684 Operation ID: {0,918549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,918511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,918473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,918419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,918406} Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3824 Operation ID: {0,918368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,918312} Process ID: 5064 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DA.tmp Handle ID: 3952 Operation ID: {0,918189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D9.tmp Handle ID: 3952 Operation ID: {0,918180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DA.tmp Handle ID: 3952 Operation ID: {0,918173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DA.tmp Handle ID: 3460 Operation ID: {0,918158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D9.tmp Handle ID: 3952 Operation ID: {0,918151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D9.tmp Handle ID: 4044 Operation ID: {0,918150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D9.tmp Handle ID: 4044 Operation ID: {0,918141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3DA.tmp Handle ID: 4044 Operation ID: {0,918134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D9.tmp Handle ID: 4044 Operation ID: {0,918130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,918072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,918027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4044 Operation ID: {0,918000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D8.tmp Handle ID: 4064 Operation ID: {0,917977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D7.tmp Handle ID: 4064 Operation ID: {0,917976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D8.tmp Handle ID: 4064 Operation ID: {0,917975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,917939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D8.tmp Handle ID: 3860 Operation ID: {0,917926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D7.tmp Handle ID: 4064 Operation ID: {0,917923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D7.tmp Handle ID: 3692 Operation ID: {0,917922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D7.tmp Handle ID: 3692 Operation ID: {0,917911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D8.tmp Handle ID: 3692 Operation ID: {0,917906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D7.tmp Handle ID: 3692 Operation ID: {0,917902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,917846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3976 Operation ID: {0,917753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1408 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1408 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1408 Operation ID: {0,917725} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D6.tmp Handle ID: 4004 Operation ID: {0,917661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D5.tmp Handle ID: 3860 Operation ID: {0,917634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D6.tmp Handle ID: 4068 Operation ID: {0,917625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,917583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D6.tmp Handle ID: 3996 Operation ID: {0,917572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D5.tmp Handle ID: 3976 Operation ID: {0,917565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D5.tmp Handle ID: 4068 Operation ID: {0,917564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D5.tmp Handle ID: 4068 Operation ID: {0,917555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D6.tmp Handle ID: 4068 Operation ID: {0,917548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D5.tmp Handle ID: 4068 Operation ID: {0,917544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,917491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D4.tmp Handle ID: 3860 Operation ID: {0,917457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D3.tmp Handle ID: 3860 Operation ID: {0,917452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D4.tmp Handle ID: 3860 Operation ID: {0,917447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D4.tmp Handle ID: 3648 Operation ID: {0,917434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D3.tmp Handle ID: 3860 Operation ID: {0,917431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D3.tmp Handle ID: 3692 Operation ID: {0,917430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D3.tmp Handle ID: 3692 Operation ID: {0,917419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D4.tmp Handle ID: 3692 Operation ID: {0,917416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D3.tmp Handle ID: 3692 Operation ID: {0,917412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,917377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4028 Operation ID: {0,917333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3824 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3824 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3824 Operation ID: {0,917241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,917242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D2.tmp Handle ID: 4000 Operation ID: {0,917191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D1.tmp Handle ID: 3920 Operation ID: {0,917177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D2.tmp Handle ID: 3920 Operation ID: {0,917170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D2.tmp Handle ID: 4044 Operation ID: {0,917148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D1.tmp Handle ID: 3920 Operation ID: {0,917137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D1.tmp Handle ID: 3976 Operation ID: {0,917136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D1.tmp Handle ID: 3976 Operation ID: {0,917118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D2.tmp Handle ID: 3976 Operation ID: {0,917115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D1.tmp Handle ID: 3976 Operation ID: {0,917065} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D0.tmp Handle ID: 3976 Operation ID: {0,917101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CF.tmp Handle ID: 3976 Operation ID: {0,917092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D0.tmp Handle ID: 3976 Operation ID: {0,917083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3976 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3920 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3976 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D0.tmp Handle ID: 4044 Operation ID: {0,917070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,917034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3920 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CF.tmp Handle ID: 3976 Operation ID: {0,917031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CF.tmp Handle ID: 3920 Operation ID: {0,917028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CF.tmp Handle ID: 3996 Operation ID: {0,917014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3D0.tmp Handle ID: 3692 Operation ID: {0,917009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CF.tmp Handle ID: 4064 Operation ID: {0,917004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4068 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4068 Operation ID: {0,916959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,916885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,916875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,916819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CE.tmp Handle ID: 3996 Operation ID: {0,916790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CD.tmp Handle ID: 3996 Operation ID: {0,916785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CE.tmp Handle ID: 3996 Operation ID: {0,916780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CE.tmp Handle ID: 3764 Operation ID: {0,916767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CD.tmp Handle ID: 3996 Operation ID: {0,916764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CD.tmp Handle ID: 4028 Operation ID: {0,916763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CD.tmp Handle ID: 4028 Operation ID: {0,916754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CE.tmp Handle ID: 4028 Operation ID: {0,916750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CD.tmp Handle ID: 4028 Operation ID: {0,916744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,916691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,916633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CC.tmp Handle ID: 4064 Operation ID: {0,916591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CB.tmp Handle ID: 4064 Operation ID: {0,916586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CC.tmp Handle ID: 4064 Operation ID: {0,916581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CC.tmp Handle ID: 3460 Operation ID: {0,916568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CB.tmp Handle ID: 4064 Operation ID: {0,916565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CB.tmp Handle ID: 3692 Operation ID: {0,916564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CB.tmp Handle ID: 3692 Operation ID: {0,916555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CC.tmp Handle ID: 3692 Operation ID: {0,916552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3CB.tmp Handle ID: 3692 Operation ID: {0,916548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,916513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,916475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,916427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,916364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CA.tmp Handle ID: 3460 Operation ID: {0,916323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C9.tmp Handle ID: 3460 Operation ID: {0,916314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CA.tmp Handle ID: 3460 Operation ID: {0,916307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CA.tmp Handle ID: 3832 Operation ID: {0,916290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C9.tmp Handle ID: 3460 Operation ID: {0,916285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C9.tmp Handle ID: 4028 Operation ID: {0,916284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C9.tmp Handle ID: 4028 Operation ID: {0,916273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3CA.tmp Handle ID: 4028 Operation ID: {0,916270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C9.tmp Handle ID: 4028 Operation ID: {0,916264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,916229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,916191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,916148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4064 Operation ID: {0,916091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C8.tmp Handle ID: 4028 Operation ID: {0,916066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C7.tmp Handle ID: 4028 Operation ID: {0,916059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C8.tmp Handle ID: 4028 Operation ID: {0,916054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C8.tmp Handle ID: 4064 Operation ID: {0,916039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C7.tmp Handle ID: 4028 Operation ID: {0,916036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C7.tmp Handle ID: 4048 Operation ID: {0,916035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C7.tmp Handle ID: 4048 Operation ID: {0,916026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C8.tmp Handle ID: 4048 Operation ID: {0,916023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C7.tmp Handle ID: 4048 Operation ID: {0,916018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,915964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,915880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C6.tmp Handle ID: 4064 Operation ID: {0,915836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C5.tmp Handle ID: 4064 Operation ID: {0,915827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C6.tmp Handle ID: 4064 Operation ID: {0,915820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C6.tmp Handle ID: 4048 Operation ID: {0,915803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C5.tmp Handle ID: 4064 Operation ID: {0,915798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C5.tmp Handle ID: 4044 Operation ID: {0,915797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C5.tmp Handle ID: 4044 Operation ID: {0,915786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C6.tmp Handle ID: 4044 Operation ID: {0,915783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C5.tmp Handle ID: 4044 Operation ID: {0,915775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,915740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,915702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,915659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C4.tmp Handle ID: 4044 Operation ID: {0,915619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C3.tmp Handle ID: 4044 Operation ID: {0,915610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C4.tmp Handle ID: 4044 Operation ID: {0,915605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C4.tmp Handle ID: 3952 Operation ID: {0,915588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C3.tmp Handle ID: 4044 Operation ID: {0,915585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C3.tmp Handle ID: 4004 Operation ID: {0,915584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4004 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C3.tmp Handle ID: 4004 Operation ID: {0,915575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C4.tmp Handle ID: 4004 Operation ID: {0,915572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4004 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C3.tmp Handle ID: 4004 Operation ID: {0,915568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,915514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4000 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4000 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4000 Operation ID: {0,915443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C2.tmp Handle ID: 3556 Operation ID: {0,915407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C1.tmp Handle ID: 3556 Operation ID: {0,915400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C2.tmp Handle ID: 3556 Operation ID: {0,915395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C2.tmp Handle ID: 3832 Operation ID: {0,915378} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C1.tmp Handle ID: 3556 Operation ID: {0,915373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C1.tmp Handle ID: 4056 Operation ID: {0,915372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C1.tmp Handle ID: 4056 Operation ID: {0,915361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C2.tmp Handle ID: 4056 Operation ID: {0,915358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3C1.tmp Handle ID: 4056 Operation ID: {0,915352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,915317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,915281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,915242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C0.tmp Handle ID: 4060 Operation ID: {0,915022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BF.tmp Handle ID: 4060 Operation ID: {0,915017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C0.tmp Handle ID: 4060 Operation ID: {0,915012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C0.tmp Handle ID: 4056 Operation ID: {0,914997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BF.tmp Handle ID: 4060 Operation ID: {0,914994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BF.tmp Handle ID: 3800 Operation ID: {0,914993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BF.tmp Handle ID: 3800 Operation ID: {0,914984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C0.tmp Handle ID: 3800 Operation ID: {0,914981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BF.tmp Handle ID: 3800 Operation ID: {0,914977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,914924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,914853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BE.tmp Handle ID: 3832 Operation ID: {0,914816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BD.tmp Handle ID: 3832 Operation ID: {0,914811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BE.tmp Handle ID: 3832 Operation ID: {0,914808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BE.tmp Handle ID: 4060 Operation ID: {0,914795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BD.tmp Handle ID: 3832 Operation ID: {0,914792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BD.tmp Handle ID: 4044 Operation ID: {0,914791} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BD.tmp Handle ID: 4044 Operation ID: {0,914780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BE.tmp Handle ID: 4044 Operation ID: {0,914775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BD.tmp Handle ID: 4044 Operation ID: {0,914773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,914738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,914698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3952 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3952 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3952 Operation ID: {0,914657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3988 Operation ID: {0,914592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BC.tmp Handle ID: 4060 Operation ID: {0,914567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BB.tmp Handle ID: 4060 Operation ID: {0,914562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BC.tmp Handle ID: 4060 Operation ID: {0,914557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BC.tmp Handle ID: 3988 Operation ID: {0,914544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BB.tmp Handle ID: 4060 Operation ID: {0,914541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BB.tmp Handle ID: 3660 Operation ID: {0,914540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BB.tmp Handle ID: 3660 Operation ID: {0,914531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BC.tmp Handle ID: 3660 Operation ID: {0,914527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3BB.tmp Handle ID: 3660 Operation ID: {0,914524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,914471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,914403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BA.tmp Handle ID: 4052 Operation ID: {0,914363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B9.tmp Handle ID: 4052 Operation ID: {0,914358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BA.tmp Handle ID: 4052 Operation ID: {0,914355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BA.tmp Handle ID: 4060 Operation ID: {0,914342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B9.tmp Handle ID: 4052 Operation ID: {0,914339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B9.tmp Handle ID: 3972 Operation ID: {0,914338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B9.tmp Handle ID: 3972 Operation ID: {0,914327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3BA.tmp Handle ID: 3972 Operation ID: {0,914324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B9.tmp Handle ID: 3972 Operation ID: {0,914320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,914284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,914246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,914205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,914164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B8.tmp Handle ID: 3972 Operation ID: {0,914143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B7.tmp Handle ID: 3972 Operation ID: {0,914142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B8.tmp Handle ID: 3972 Operation ID: {0,914141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3972 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3972 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B8.tmp Handle ID: 3660 Operation ID: {0,914140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B7.tmp Handle ID: 3972 Operation ID: {0,914139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B7.tmp Handle ID: 4012 Operation ID: {0,914138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B7.tmp Handle ID: 4012 Operation ID: {0,914133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B8.tmp Handle ID: 4012 Operation ID: {0,914130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B7.tmp Handle ID: 4012 Operation ID: {0,914126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,914073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,914004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B6.tmp Handle ID: 3660 Operation ID: {0,913958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B5.tmp Handle ID: 3660 Operation ID: {0,913953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B6.tmp Handle ID: 3660 Operation ID: {0,913948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B6.tmp Handle ID: 4028 Operation ID: {0,913935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B5.tmp Handle ID: 3660 Operation ID: {0,913932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B5.tmp Handle ID: 4052 Operation ID: {0,913931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B5.tmp Handle ID: 4052 Operation ID: {0,913920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B6.tmp Handle ID: 4052 Operation ID: {0,913915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B5.tmp Handle ID: 4052 Operation ID: {0,913913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,913878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,913844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,913805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,913489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,913446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3800 Operation ID: {0,913223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B4.tmp Handle ID: 4012 Operation ID: {0,913194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B3.tmp Handle ID: 4012 Operation ID: {0,913189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B4.tmp Handle ID: 4012 Operation ID: {0,913184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3800 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3800 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B4.tmp Handle ID: 3800 Operation ID: {0,913169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B3.tmp Handle ID: 4012 Operation ID: {0,913166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B3.tmp Handle ID: 4052 Operation ID: {0,913165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B3.tmp Handle ID: 4052 Operation ID: {0,913156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B4.tmp Handle ID: 4052 Operation ID: {0,913153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B3.tmp Handle ID: 4052 Operation ID: {0,913149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,913096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,913030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B2.tmp Handle ID: 3660 Operation ID: {0,912987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B1.tmp Handle ID: 3660 Operation ID: {0,912982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B2.tmp Handle ID: 3660 Operation ID: {0,912977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B2.tmp Handle ID: 3460 Operation ID: {0,912964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B1.tmp Handle ID: 3660 Operation ID: {0,912961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B1.tmp Handle ID: 3724 Operation ID: {0,912960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B1.tmp Handle ID: 3724 Operation ID: {0,912949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B2.tmp Handle ID: 3724 Operation ID: {0,912946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B1.tmp Handle ID: 3724 Operation ID: {0,912942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,912907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,912790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4016 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4016 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4016 Operation ID: {0,912747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B0.tmp Handle ID: 3724 Operation ID: {0,912513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AF.tmp Handle ID: 3724 Operation ID: {0,912506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B0.tmp Handle ID: 3724 Operation ID: {0,912496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B0.tmp Handle ID: 3460 Operation ID: {0,912379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AF.tmp Handle ID: 3724 Operation ID: {0,912375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AF.tmp Handle ID: 3660 Operation ID: {0,912373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AF.tmp Handle ID: 3660 Operation ID: {0,912354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3B0.tmp Handle ID: 3660 Operation ID: {0,912346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AF.tmp Handle ID: 3660 Operation ID: {0,912333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4016 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4016 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4016 Operation ID: {0,912243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,912166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AE.tmp Handle ID: 4020 Operation ID: {0,912133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AD.tmp Handle ID: 4020 Operation ID: {0,912128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AE.tmp Handle ID: 4020 Operation ID: {0,912123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4020 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3980 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3980 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3980 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4020 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AE.tmp Handle ID: 3980 Operation ID: {0,912110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AD.tmp Handle ID: 4020 Operation ID: {0,912107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AD.tmp Handle ID: 4040 Operation ID: {0,912106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AD.tmp Handle ID: 4040 Operation ID: {0,912095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AE.tmp Handle ID: 4040 Operation ID: {0,912092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AD.tmp Handle ID: 4040 Operation ID: {0,912088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3980 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3980 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3980 Operation ID: {0,912053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3980 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3980 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3980 Operation ID: {0,912015} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3980 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3980 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3980 Operation ID: {0,911974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,911084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,911034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,910123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,909697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,908494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,908106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,907097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,906886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,906676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,906463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,906425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,906060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,905148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,903181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,902341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,900824} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,900781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,900572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,900189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,900151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,899939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,899730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,899161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,899118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,898017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,897981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,897942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,897803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,896736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,896353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,896315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,895687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,895477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,895430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,895387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,895176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,894793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,894751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,894708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,894269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3960 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3960 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3960 Operation ID: {0,894225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3988 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3988 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3988 Operation ID: {0,894083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,893502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,893108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,893058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,892005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,891004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,890966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,890406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3956 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:05 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3956 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:05 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3956 Operation ID: {0,890368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,888458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,887027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4036 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4036 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4036 Operation ID: {0,886661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,882709} Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,882337} Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,882276} Process ID: 4892 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1144 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:49:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1144 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1144 Operation ID: {0,881813} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4028 Operation ID: {0,881182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4072 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4072 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4072 Operation ID: {0,876233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:49:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3828 Operation ID: {0,875552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Create Link Privileges: SeTakeOwnershipPrivilege Restricted Sid Count: 0 Access Mask: 0xF003F " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3980 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3980 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SubSystems Handle ID: 3980 Operation ID: {0,868464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 3860 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 3860 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,868144} Process ID: 3860 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 3860 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 3860 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,868081} Process ID: 3860 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 244 Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 244 Object Type: Key Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 244 Operation ID: {0,867855} Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,867545} Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,867527} Process ID: 1196 Image File Name: C:\WINDOWS\system32\certutil.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 244 Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 244 Object Type: Key Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 244 Operation ID: {0,867212} Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,866427} Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,866411} Process ID: 4528 Image File Name: C:\WINDOWS\system32\certutil.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 2200 Image File Name: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe " 4/17/2020 11:49:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 2200 Image File Name: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,864738} Process ID: 2200 Image File Name: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:49:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 2200 Image File Name: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe " 4/17/2020 11:49:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 2200 Image File Name: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:49:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,862832} Process ID: 2200 Image File Name: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3900 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3900 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3900 Operation ID: {0,862129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3828 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3828 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3828 Operation ID: {0,860004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,854847} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,853215} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,853210} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,853167} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,853158} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,853153} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 436 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:52 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 436 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 436 Operation ID: {0,853131} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:52 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,850197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3820 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3820 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3820 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3820 Operation ID: {0,850182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3820 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3820 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3820 Operation ID: {0,850177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3820 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3820 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3820 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3820 Operation ID: {0,850164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:51 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3820 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:51 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3820 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:51 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3820 Operation ID: {0,850163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3880 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3884 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3884 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3884 Operation ID: {0,806855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3884 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3884 Operation ID: {0,806848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3884 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3884 Operation ID: {0,806838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3884 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3884 Operation ID: {0,805729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3884 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3884 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3884 Operation ID: {0,805728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3544 Operation ID: {0,805433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3544 Operation ID: {0,805432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3544 Operation ID: {0,805421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Set key value Create sub-key Privileges: - Restricted Sid Count: 0 Access Mask: 0x20006 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\xuzNLXRB_WR_.tmp Handle ID: 3436 Operation ID: {0,805391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x130089 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 563 NT AUTHORITY\SYSTEM AERODB "Object Open for Delete: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\xuzNLXRB_WR_.tmp Handle ID: - Operation ID: {0,805391} Process ID: 680 Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: - Privileges: - Access Mask: 0x0 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,805007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,804989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,804541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3544 Operation ID: {0,803911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Create Link Privileges: SeTakeOwnershipPrivilege Restricted Sid Count: 0 Access Mask: 0xF003F " 4/17/2020 11:48:49 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:49 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:49 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SubSystems Handle ID: 3544 Operation ID: {0,802033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:48 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 352 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:48 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 352 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:48 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 352 Operation ID: {0,800153} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 148 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 148 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 148 Operation ID: {0,791553} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp " 4/17/2020 11:48:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,791534} Process ID: 4580 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-23UQ9.tmp\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 4164 Image File Name: C:\Documents and Settings\Administrator\My Documents\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe " 4/17/2020 11:48:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 4164 Image File Name: C:\Documents and Settings\Administrator\My Documents\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,791118} Process ID: 4164 Image File Name: C:\Documents and Settings\Administrator\My Documents\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 4164 Image File Name: C:\Documents and Settings\Administrator\My Documents\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe " 4/17/2020 11:48:46 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 4164 Image File Name: C:\Documents and Settings\Administrator\My Documents\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:46 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,791100} Process ID: 4164 Image File Name: C:\Documents and Settings\Administrator\My Documents\Downloads\mb3-setup-legacywos-3.5.1.2522-1.0.365-1.0.5292.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,789143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3792 Operation ID: {0,789130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3792 Operation ID: {0,789129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3792 Operation ID: {0,789118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:45 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:45 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:45 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3792 Operation ID: {0,789117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,771984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,765812} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,765773} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,765734} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2044 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2044 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2044 Operation ID: {0,765235} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2060 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2060 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2060 Operation ID: {0,764195} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2060 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2060 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2060 Operation ID: {0,764155} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2060 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2060 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2060 Operation ID: {0,764111} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2136 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2136 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2136 Operation ID: {0,764068} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2120 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2120 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2120 Operation ID: {0,761665} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SubSystems Handle ID: 3736 Operation ID: {0,749078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2032 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2032 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2032 Operation ID: {0,747819} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,747195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,747159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,747123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,747087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,747051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,747015} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,746689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2032 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2032 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2032 Operation ID: {0,746624} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1864 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1864 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1864 Operation ID: {0,746037} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,741724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,741688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,741651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,741615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1856 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 1856 Operation ID: {0,740992} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: READ_CONTROL ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x20088 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,724013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,723651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,723614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,722836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,722146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,721366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,721037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,720675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,719898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719606} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719244} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,719208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,717035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,716999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,716963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,716917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,716880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,716093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,716053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,716017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715873} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,715397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,715187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,714980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,714772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,714017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713873} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,713324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,712775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,712738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,712699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,712662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,711884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,711847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,711811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,711774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,710027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,709662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,704010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703830} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,703686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,703221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,702019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701904} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,701599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,701021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,700003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,699016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,698030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697490} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,697033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696668} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,696097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,696057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,696019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695791} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,695255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3416 Operation ID: {0,694684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3416 Operation ID: {0,694677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3416 Operation ID: {0,694669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,694146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693534} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693074} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,693036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,692997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,692954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,692909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,692865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,692826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,692750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,692712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,692674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,692636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,692598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,692526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,692144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,691871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,691737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AC.tmp Handle ID: 2524 Operation ID: {0,691547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AB.tmp Handle ID: 2524 Operation ID: {0,691538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AC.tmp Handle ID: 2524 Operation ID: {0,691531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AC.tmp Handle ID: 3692 Operation ID: {0,691514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AB.tmp Handle ID: 2524 Operation ID: {0,691509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AB.tmp Handle ID: 3796 Operation ID: {0,691508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AB.tmp Handle ID: 3796 Operation ID: {0,691494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AC.tmp Handle ID: 3796 Operation ID: {0,691491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3AB.tmp Handle ID: 3796 Operation ID: {0,691485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,691413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,691165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3484 Operation ID: {0,691144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3484 Operation ID: {0,691143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AA.tmp Handle ID: 3772 Operation ID: {0,691111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A9.tmp Handle ID: 3772 Operation ID: {0,691110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AA.tmp Handle ID: 3772 Operation ID: {0,691109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AA.tmp Handle ID: 3716 Operation ID: {0,691108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A9.tmp Handle ID: 3772 Operation ID: {0,691107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A9.tmp Handle ID: 3536 Operation ID: {0,691106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A9.tmp Handle ID: 3536 Operation ID: {0,691103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3AA.tmp Handle ID: 3536 Operation ID: {0,691102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A9.tmp Handle ID: 3536 Operation ID: {0,691098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3672 Operation ID: {0,691072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Set key value Create sub-key Privileges: - Restricted Sid Count: 0 Access Mask: 0x20006 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\uIkfBYpx_WR_.tmp Handle ID: 2540 Operation ID: {0,691030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x130089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 563 NT AUTHORITY\SYSTEM AERODB "Object Open for Delete: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\uIkfBYpx_WR_.tmp Handle ID: - Operation ID: {0,691030} Process ID: 680 Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: - Privileges: - Access Mask: 0x0 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3716 Operation ID: {0,691026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3716 Operation ID: {0,690702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,690656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,690637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,690619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,690601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,690583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,690565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,690547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,690440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A8.tmp Handle ID: 3672 Operation ID: {0,690411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A7.tmp Handle ID: 3672 Operation ID: {0,690402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A8.tmp Handle ID: 3672 Operation ID: {0,690395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A8.tmp Handle ID: 3536 Operation ID: {0,690380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A7.tmp Handle ID: 3672 Operation ID: {0,690373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A7.tmp Handle ID: 3796 Operation ID: {0,690372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A7.tmp Handle ID: 3796 Operation ID: {0,690363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A8.tmp Handle ID: 3796 Operation ID: {0,690358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A7.tmp Handle ID: 3796 Operation ID: {0,690352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,690299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,690236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A6.tmp Handle ID: 3772 Operation ID: {0,690198} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A5.tmp Handle ID: 3772 Operation ID: {0,690189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A6.tmp Handle ID: 3772 Operation ID: {0,690182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A6.tmp Handle ID: 3672 Operation ID: {0,690165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A5.tmp Handle ID: 3772 Operation ID: {0,690160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A5.tmp Handle ID: 3724 Operation ID: {0,690159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A5.tmp Handle ID: 3724 Operation ID: {0,690148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A6.tmp Handle ID: 3724 Operation ID: {0,690145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A5.tmp Handle ID: 3724 Operation ID: {0,690139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,690104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,690066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,690023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,689975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A4.tmp Handle ID: 3724 Operation ID: {0,689948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A3.tmp Handle ID: 3724 Operation ID: {0,689943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A4.tmp Handle ID: 3724 Operation ID: {0,689938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A4.tmp Handle ID: 3796 Operation ID: {0,689925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A3.tmp Handle ID: 3724 Operation ID: {0,689922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A3.tmp Handle ID: 3436 Operation ID: {0,689921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A3.tmp Handle ID: 3436 Operation ID: {0,689912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A4.tmp Handle ID: 3436 Operation ID: {0,689911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A3.tmp Handle ID: 3436 Operation ID: {0,689905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,689852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,689447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,689403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,689362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,689331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A2.tmp Handle ID: 3616 Operation ID: {0,689292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A1.tmp Handle ID: 3616 Operation ID: {0,689283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A2.tmp Handle ID: 3616 Operation ID: {0,689276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A2.tmp Handle ID: 3724 Operation ID: {0,689259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A1.tmp Handle ID: 3616 Operation ID: {0,689254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A1.tmp Handle ID: 3752 Operation ID: {0,689253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A1.tmp Handle ID: 3752 Operation ID: {0,689242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A2.tmp Handle ID: 3752 Operation ID: {0,689239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3A1.tmp Handle ID: 3752 Operation ID: {0,689233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,689202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,689164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,689121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,689068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,689030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,688992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,688937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A0.tmp Handle ID: 3724 Operation ID: {0,688906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39F.tmp Handle ID: 3724 Operation ID: {0,688897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A0.tmp Handle ID: 3724 Operation ID: {0,688890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A0.tmp Handle ID: 3436 Operation ID: {0,688873} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39F.tmp Handle ID: 3724 Operation ID: {0,688868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39F.tmp Handle ID: 3536 Operation ID: {0,688867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39F.tmp Handle ID: 3536 Operation ID: {0,688856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A0.tmp Handle ID: 3536 Operation ID: {0,688853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39F.tmp Handle ID: 3536 Operation ID: {0,688847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,688794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,688676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,688667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39E.tmp Handle ID: 3672 Operation ID: {0,688473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39D.tmp Handle ID: 3672 Operation ID: {0,688460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39E.tmp Handle ID: 3672 Operation ID: {0,688455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39E.tmp Handle ID: 3760 Operation ID: {0,688436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39D.tmp Handle ID: 3672 Operation ID: {0,688433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39D.tmp Handle ID: 3724 Operation ID: {0,688432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39D.tmp Handle ID: 3724 Operation ID: {0,688423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39E.tmp Handle ID: 3724 Operation ID: {0,688418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39D.tmp Handle ID: 3724 Operation ID: {0,688412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,688377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,688339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,688296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39A.tmp Handle ID: 3724 Operation ID: {0,688144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39C.tmp Handle ID: 3760 Operation ID: {0,688135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39B.tmp Handle ID: 3760 Operation ID: {0,688126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab399.tmp Handle ID: 3760 Operation ID: {0,688125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39C.tmp Handle ID: 3724 Operation ID: {0,688120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39A.tmp Handle ID: 3760 Operation ID: {0,688111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39C.tmp Handle ID: 3476 Operation ID: {0,688087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39A.tmp Handle ID: 3460 Operation ID: {0,688086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39B.tmp Handle ID: 3724 Operation ID: {0,688085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39B.tmp Handle ID: 3732 Operation ID: {0,688084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab399.tmp Handle ID: 3760 Operation ID: {0,688079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab399.tmp Handle ID: 3752 Operation ID: {0,688078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39B.tmp Handle ID: 3752 Operation ID: {0,688067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39C.tmp Handle ID: 3732 Operation ID: {0,688062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab399.tmp Handle ID: 3752 Operation ID: {0,688061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39B.tmp Handle ID: 3752 Operation ID: {0,688051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar39A.tmp Handle ID: 3752 Operation ID: {0,688049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab399.tmp Handle ID: 3752 Operation ID: {0,688029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,687974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,687888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,687839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,687723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,687714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar396.tmp Handle ID: 3484 Operation ID: {0,687591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab395.tmp Handle ID: 3484 Operation ID: {0,687572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar396.tmp Handle ID: 3484 Operation ID: {0,687024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,687521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,687483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,687444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,687405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar398.tmp Handle ID: 3748 Operation ID: {0,687382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab397.tmp Handle ID: 3748 Operation ID: {0,687375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar398.tmp Handle ID: 3748 Operation ID: {0,687372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar398.tmp Handle ID: 3728 Operation ID: {0,687359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab397.tmp Handle ID: 3748 Operation ID: {0,687356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab397.tmp Handle ID: 3484 Operation ID: {0,687355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab397.tmp Handle ID: 3484 Operation ID: {0,687344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar398.tmp Handle ID: 3484 Operation ID: {0,687341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab397.tmp Handle ID: 3484 Operation ID: {0,687337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,687302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,687264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,687221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,687181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,687143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,687104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,687037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,686992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,686954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar396.tmp Handle ID: 3340 Operation ID: {0,686928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab395.tmp Handle ID: 3708 Operation ID: {0,686917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab395.tmp Handle ID: 3732 Operation ID: {0,686915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,686889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab395.tmp Handle ID: 3732 Operation ID: {0,686875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar396.tmp Handle ID: 3732 Operation ID: {0,686857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab395.tmp Handle ID: 3732 Operation ID: {0,686853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar394.tmp Handle ID: 3760 Operation ID: {0,686820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab393.tmp Handle ID: 3760 Operation ID: {0,686815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar394.tmp Handle ID: 3760 Operation ID: {0,686808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,686799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,686763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar394.tmp Handle ID: 3708 Operation ID: {0,686732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab393.tmp Handle ID: 3760 Operation ID: {0,686728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab393.tmp Handle ID: 3476 Operation ID: {0,686725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,686717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab393.tmp Handle ID: 3560 Operation ID: {0,686712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar394.tmp Handle ID: 3732 Operation ID: {0,686711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab393.tmp Handle ID: 3732 Operation ID: {0,686705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,686641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,686603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,686404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,686298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar392.tmp Handle ID: 3560 Operation ID: {0,686140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab391.tmp Handle ID: 3560 Operation ID: {0,686133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar392.tmp Handle ID: 3560 Operation ID: {0,686130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar392.tmp Handle ID: 3484 Operation ID: {0,686115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab391.tmp Handle ID: 3560 Operation ID: {0,686112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab391.tmp Handle ID: 3708 Operation ID: {0,686111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab391.tmp Handle ID: 3708 Operation ID: {0,686102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar392.tmp Handle ID: 3708 Operation ID: {0,686095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab391.tmp Handle ID: 3708 Operation ID: {0,686091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,686055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,686016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,685936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,685839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,685801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,685731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,685524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,685477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar390.tmp Handle ID: 3484 Operation ID: {0,685448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38F.tmp Handle ID: 3484 Operation ID: {0,685443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar390.tmp Handle ID: 3484 Operation ID: {0,685438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar390.tmp Handle ID: 3748 Operation ID: {0,685425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38F.tmp Handle ID: 3484 Operation ID: {0,685422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38F.tmp Handle ID: 3476 Operation ID: {0,685421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38F.tmp Handle ID: 3476 Operation ID: {0,685410} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar390.tmp Handle ID: 3476 Operation ID: {0,685407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38F.tmp Handle ID: 3476 Operation ID: {0,685401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,685348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,685275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,685204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,685166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,685111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,685065} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,685004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,684947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,684922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,684888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,684849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,684798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,684760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38E.tmp Handle ID: 3764 Operation ID: {0,684631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38D.tmp Handle ID: 3764 Operation ID: {0,684626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38E.tmp Handle ID: 3764 Operation ID: {0,684621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38E.tmp Handle ID: 3732 Operation ID: {0,684608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38D.tmp Handle ID: 3764 Operation ID: {0,684605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38D.tmp Handle ID: 3340 Operation ID: {0,684604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38D.tmp Handle ID: 3340 Operation ID: {0,684595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38E.tmp Handle ID: 3340 Operation ID: {0,684590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38D.tmp Handle ID: 3340 Operation ID: {0,684586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,684549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,684510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,684435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,684392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,684354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,684316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,684255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38C.tmp Handle ID: 3340 Operation ID: {0,684230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38B.tmp Handle ID: 3340 Operation ID: {0,684225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38C.tmp Handle ID: 3340 Operation ID: {0,684222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38C.tmp Handle ID: 3476 Operation ID: {0,684209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38B.tmp Handle ID: 3340 Operation ID: {0,684208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38B.tmp Handle ID: 3484 Operation ID: {0,684207} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38B.tmp Handle ID: 3484 Operation ID: {0,684192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38C.tmp Handle ID: 3484 Operation ID: {0,684188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab38B.tmp Handle ID: 3484 Operation ID: {0,684179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,684166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,684117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,684077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,684038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,683938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,683900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,683844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38A.tmp Handle ID: 3340 Operation ID: {0,683785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab389.tmp Handle ID: 3340 Operation ID: {0,683776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38A.tmp Handle ID: 3340 Operation ID: {0,683769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38A.tmp Handle ID: 3484 Operation ID: {0,683752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab389.tmp Handle ID: 3340 Operation ID: {0,683747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab389.tmp Handle ID: 3764 Operation ID: {0,683746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab389.tmp Handle ID: 3764 Operation ID: {0,683735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38A.tmp Handle ID: 3764 Operation ID: {0,683732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab389.tmp Handle ID: 3764 Operation ID: {0,683726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,683692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,683649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,683609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,683586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,683541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,683504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,683465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,683374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,683336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar388.tmp Handle ID: 3728 Operation ID: {0,683270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab387.tmp Handle ID: 3728 Operation ID: {0,683265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar388.tmp Handle ID: 3728 Operation ID: {0,683260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar388.tmp Handle ID: 3484 Operation ID: {0,683245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab387.tmp Handle ID: 3728 Operation ID: {0,683242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab387.tmp Handle ID: 3580 Operation ID: {0,683241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab387.tmp Handle ID: 3580 Operation ID: {0,683230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar388.tmp Handle ID: 3580 Operation ID: {0,683227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab387.tmp Handle ID: 3580 Operation ID: {0,683223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,683044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar386.tmp Handle ID: 3804 Operation ID: {0,682423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab385.tmp Handle ID: 3544 Operation ID: {0,682404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar386.tmp Handle ID: 3728 Operation ID: {0,682386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,682357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,682321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar386.tmp Handle ID: 3544 Operation ID: {0,682292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab385.tmp Handle ID: 3708 Operation ID: {0,682278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab385.tmp Handle ID: 3728 Operation ID: {0,682277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab385.tmp Handle ID: 3728 Operation ID: {0,682247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar386.tmp Handle ID: 3724 Operation ID: {0,682235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,682229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab385.tmp Handle ID: 3752 Operation ID: {0,682219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,682177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,682113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,682100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,682061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,682025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar384.tmp Handle ID: 3580 Operation ID: {0,681940} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab383.tmp Handle ID: 3580 Operation ID: {0,681935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar384.tmp Handle ID: 3580 Operation ID: {0,681930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar384.tmp Handle ID: 3340 Operation ID: {0,681917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab383.tmp Handle ID: 3580 Operation ID: {0,681914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab383.tmp Handle ID: 3748 Operation ID: {0,681913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab383.tmp Handle ID: 3748 Operation ID: {0,681900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar384.tmp Handle ID: 3748 Operation ID: {0,681899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab383.tmp Handle ID: 3748 Operation ID: {0,681893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,681858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,681820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,681779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,681597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar382.tmp Handle ID: 3544 Operation ID: {0,681193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab381.tmp Handle ID: 3544 Operation ID: {0,681184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar382.tmp Handle ID: 3544 Operation ID: {0,681177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar382.tmp Handle ID: 3708 Operation ID: {0,681160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab381.tmp Handle ID: 3544 Operation ID: {0,681155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab381.tmp Handle ID: 3724 Operation ID: {0,681154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab381.tmp Handle ID: 3724 Operation ID: {0,681143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar382.tmp Handle ID: 3724 Operation ID: {0,681140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab381.tmp Handle ID: 3724 Operation ID: {0,681044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,681080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,680982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,680972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,680917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,680885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,680851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,680797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,680161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,680014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar380.tmp Handle ID: 3728 Operation ID: {0,679985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37F.tmp Handle ID: 3728 Operation ID: {0,679980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar380.tmp Handle ID: 3728 Operation ID: {0,679975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar380.tmp Handle ID: 3752 Operation ID: {0,679936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37F.tmp Handle ID: 3728 Operation ID: {0,679930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37F.tmp Handle ID: 3692 Operation ID: {0,679929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37F.tmp Handle ID: 3692 Operation ID: {0,679908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar380.tmp Handle ID: 3692 Operation ID: {0,679899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37F.tmp Handle ID: 3692 Operation ID: {0,679884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,679831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,679455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,679395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,679357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,679013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,678977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37E.tmp Handle ID: 3752 Operation ID: {0,678901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37D.tmp Handle ID: 3752 Operation ID: {0,678894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37E.tmp Handle ID: 3752 Operation ID: {0,678889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,678864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37E.tmp Handle ID: 3600 Operation ID: {0,678844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37D.tmp Handle ID: 3752 Operation ID: {0,678842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37D.tmp Handle ID: 3804 Operation ID: {0,678834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37D.tmp Handle ID: 3804 Operation ID: {0,678809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,678804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37E.tmp Handle ID: 3544 Operation ID: {0,678798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37D.tmp Handle ID: 3692 Operation ID: {0,678778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,678749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,678713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,678654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,678570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,678133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37C.tmp Handle ID: 3600 Operation ID: {0,678105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37B.tmp Handle ID: 3600 Operation ID: {0,678098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37C.tmp Handle ID: 3600 Operation ID: {0,678043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,678014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,677978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37C.tmp Handle ID: 2540 Operation ID: {0,677949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37B.tmp Handle ID: 3600 Operation ID: {0,677935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37B.tmp Handle ID: 3804 Operation ID: {0,677933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,677925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37B.tmp Handle ID: 3692 Operation ID: {0,677911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37C.tmp Handle ID: 3600 Operation ID: {0,677905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37B.tmp Handle ID: 3692 Operation ID: {0,677894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,677848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,677814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,677520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37A.tmp Handle ID: 3484 Operation ID: {0,677379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab379.tmp Handle ID: 3484 Operation ID: {0,677370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37A.tmp Handle ID: 3484 Operation ID: {0,677363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37A.tmp Handle ID: 3728 Operation ID: {0,677343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab379.tmp Handle ID: 3484 Operation ID: {0,677338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab379.tmp Handle ID: 3600 Operation ID: {0,677337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab379.tmp Handle ID: 3600 Operation ID: {0,677326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar37A.tmp Handle ID: 3600 Operation ID: {0,677323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab379.tmp Handle ID: 3600 Operation ID: {0,677316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,677280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,677242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,677199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,676920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar378.tmp Handle ID: 3600 Operation ID: {0,676891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab377.tmp Handle ID: 3600 Operation ID: {0,676886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar378.tmp Handle ID: 3600 Operation ID: {0,676883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar378.tmp Handle ID: 3692 Operation ID: {0,676826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab377.tmp Handle ID: 3600 Operation ID: {0,676816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab377.tmp Handle ID: 3580 Operation ID: {0,676814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab377.tmp Handle ID: 3580 Operation ID: {0,676785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar378.tmp Handle ID: 3580 Operation ID: {0,676780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab377.tmp Handle ID: 3772 Operation ID: {0,676767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,676698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar376.tmp Handle ID: 3496 Operation ID: {0,676695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab375.tmp Handle ID: 3752 Operation ID: {0,676686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar376.tmp Handle ID: 3752 Operation ID: {0,676681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar376.tmp Handle ID: 3496 Operation ID: {0,676668} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab375.tmp Handle ID: 3752 Operation ID: {0,676665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab375.tmp Handle ID: 3768 Operation ID: {0,676664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab375.tmp Handle ID: 3768 Operation ID: {0,676655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar376.tmp Handle ID: 3768 Operation ID: {0,676650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab375.tmp Handle ID: 3768 Operation ID: {0,676646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,676593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,676525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,676325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,676262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,675589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,675505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,675464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,675077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,675035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,674647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar374.tmp Handle ID: 3776 Operation ID: {0,674603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab373.tmp Handle ID: 3776 Operation ID: {0,674598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar374.tmp Handle ID: 3776 Operation ID: {0,674593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar374.tmp Handle ID: 2540 Operation ID: {0,674576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab373.tmp Handle ID: 3776 Operation ID: {0,674575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab373.tmp Handle ID: 3724 Operation ID: {0,674574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab373.tmp Handle ID: 3724 Operation ID: {0,674563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar374.tmp Handle ID: 3724 Operation ID: {0,674560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab373.tmp Handle ID: 3736 Operation ID: {0,674556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,674520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,674482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,674436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,674188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,674117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar372.tmp Handle ID: 3736 Operation ID: {0,674088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab371.tmp Handle ID: 3736 Operation ID: {0,674085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar372.tmp Handle ID: 3736 Operation ID: {0,674080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar372.tmp Handle ID: 2540 Operation ID: {0,674067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab371.tmp Handle ID: 3736 Operation ID: {0,674064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab371.tmp Handle ID: 3476 Operation ID: {0,674063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab371.tmp Handle ID: 3476 Operation ID: {0,674052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar372.tmp Handle ID: 3476 Operation ID: {0,674047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab371.tmp Handle ID: 3476 Operation ID: {0,674043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,673974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar370.tmp Handle ID: 3804 Operation ID: {0,673967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36F.tmp Handle ID: 3804 Operation ID: {0,673963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar370.tmp Handle ID: 3732 Operation ID: {0,673951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar370.tmp Handle ID: 3692 Operation ID: {0,673873} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36F.tmp Handle ID: 3732 Operation ID: {0,673870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36F.tmp Handle ID: 3776 Operation ID: {0,673868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36F.tmp Handle ID: 3732 Operation ID: {0,673844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar370.tmp Handle ID: 3752 Operation ID: {0,673816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,673821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36F.tmp Handle ID: 3776 Operation ID: {0,673809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,673763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,673730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3804 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3804 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3804 Operation ID: {0,673697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,673639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,673589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,673469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,673451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,673252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36E.tmp Handle ID: 3692 Operation ID: {0,673146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36D.tmp Handle ID: 3692 Operation ID: {0,673145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36C.tmp Handle ID: 3732 Operation ID: {0,673144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36E.tmp Handle ID: 3732 Operation ID: {0,673143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36B.tmp Handle ID: 3732 Operation ID: {0,673142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36D.tmp Handle ID: 3732 Operation ID: {0,673137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36E.tmp Handle ID: 2540 Operation ID: {0,673136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36D.tmp Handle ID: 3748 Operation ID: {0,673133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36C.tmp Handle ID: 3692 Operation ID: {0,673135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36C.tmp Handle ID: 3752 Operation ID: {0,673134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36B.tmp Handle ID: 3732 Operation ID: {0,673130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36B.tmp Handle ID: 3580 Operation ID: {0,673129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36C.tmp Handle ID: 3580 Operation ID: {0,673124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36B.tmp Handle ID: 3732 Operation ID: {0,673123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36E.tmp Handle ID: 3732 Operation ID: {0,673119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36D.tmp Handle ID: 3732 Operation ID: {0,673118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36B.tmp Handle ID: 3732 Operation ID: {0,673098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab36C.tmp Handle ID: 3732 Operation ID: {0,673105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,673021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,672878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,672839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,672572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36A.tmp Handle ID: 3748 Operation ID: {0,672527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab369.tmp Handle ID: 3460 Operation ID: {0,672521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36A.tmp Handle ID: 3692 Operation ID: {0,672516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,672491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36A.tmp Handle ID: 3776 Operation ID: {0,672478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab369.tmp Handle ID: 3732 Operation ID: {0,672475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab369.tmp Handle ID: 3728 Operation ID: {0,672474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab369.tmp Handle ID: 3728 Operation ID: {0,672465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36A.tmp Handle ID: 3728 Operation ID: {0,672462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab369.tmp Handle ID: 3728 Operation ID: {0,672458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,672405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar368.tmp Handle ID: 3760 Operation ID: {0,672370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab367.tmp Handle ID: 3760 Operation ID: {0,672365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar368.tmp Handle ID: 3760 Operation ID: {0,672360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar368.tmp Handle ID: 3600 Operation ID: {0,672349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab367.tmp Handle ID: 3760 Operation ID: {0,672343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab367.tmp Handle ID: 3768 Operation ID: {0,672340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab367.tmp Handle ID: 3768 Operation ID: {0,672280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar368.tmp Handle ID: 3768 Operation ID: {0,672266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab367.tmp Handle ID: 3768 Operation ID: {0,672230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,672097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,672036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,671990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,671949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar366.tmp Handle ID: 3460 Operation ID: {0,671888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab365.tmp Handle ID: 3460 Operation ID: {0,671881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar366.tmp Handle ID: 3460 Operation ID: {0,671876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar366.tmp Handle ID: 2540 Operation ID: {0,671861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab365.tmp Handle ID: 3460 Operation ID: {0,671858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab365.tmp Handle ID: 3748 Operation ID: {0,671857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab365.tmp Handle ID: 3748 Operation ID: {0,671846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar366.tmp Handle ID: 3748 Operation ID: {0,671843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab365.tmp Handle ID: 3748 Operation ID: {0,671839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,671804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,671766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,671723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,671607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar364.tmp Handle ID: 3748 Operation ID: {0,671576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab363.tmp Handle ID: 3748 Operation ID: {0,671571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar364.tmp Handle ID: 3748 Operation ID: {0,671564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar364.tmp Handle ID: 3728 Operation ID: {0,671551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab363.tmp Handle ID: 3748 Operation ID: {0,671548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab363.tmp Handle ID: 3692 Operation ID: {0,671547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab363.tmp Handle ID: 3692 Operation ID: {0,671536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar364.tmp Handle ID: 3692 Operation ID: {0,671531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab363.tmp Handle ID: 3692 Operation ID: {0,671529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,671476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,671405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar362.tmp Handle ID: 3728 Operation ID: {0,671037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab361.tmp Handle ID: 3728 Operation ID: {0,671030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar362.tmp Handle ID: 3728 Operation ID: {0,671025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar362.tmp Handle ID: 3692 Operation ID: {0,671012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab361.tmp Handle ID: 3728 Operation ID: {0,671009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab361.tmp Handle ID: 3476 Operation ID: {0,671008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab361.tmp Handle ID: 3476 Operation ID: {0,670997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar362.tmp Handle ID: 3476 Operation ID: {0,670992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab361.tmp Handle ID: 3476 Operation ID: {0,670990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,670954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,670915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,670829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar360.tmp Handle ID: 3692 Operation ID: {0,670718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35F.tmp Handle ID: 3692 Operation ID: {0,670715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar360.tmp Handle ID: 3692 Operation ID: {0,670710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar360.tmp Handle ID: 3732 Operation ID: {0,670699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35F.tmp Handle ID: 3692 Operation ID: {0,670696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35F.tmp Handle ID: 3760 Operation ID: {0,670695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35F.tmp Handle ID: 3760 Operation ID: {0,670686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar360.tmp Handle ID: 3760 Operation ID: {0,670683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35F.tmp Handle ID: 3760 Operation ID: {0,670679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,670625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,670562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35E.tmp Handle ID: 3748 Operation ID: {0,670528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35D.tmp Handle ID: 3748 Operation ID: {0,670519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35E.tmp Handle ID: 3748 Operation ID: {0,670516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35E.tmp Handle ID: 3484 Operation ID: {0,670503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35D.tmp Handle ID: 3748 Operation ID: {0,670500} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35D.tmp Handle ID: 3544 Operation ID: {0,670499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35D.tmp Handle ID: 3544 Operation ID: {0,670488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35E.tmp Handle ID: 3544 Operation ID: {0,670485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35D.tmp Handle ID: 3544 Operation ID: {0,670481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,670446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,670408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,670367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35C.tmp Handle ID: 3648 Operation ID: {0,669786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35B.tmp Handle ID: 3648 Operation ID: {0,669781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35C.tmp Handle ID: 3648 Operation ID: {0,669778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35C.tmp Handle ID: 3544 Operation ID: {0,669765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35B.tmp Handle ID: 3648 Operation ID: {0,669762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35B.tmp Handle ID: 3764 Operation ID: {0,669761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35B.tmp Handle ID: 3764 Operation ID: {0,669751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35C.tmp Handle ID: 3764 Operation ID: {0,669741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35B.tmp Handle ID: 3764 Operation ID: {0,669734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,669681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,669618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35A.tmp Handle ID: 3760 Operation ID: {0,669576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab359.tmp Handle ID: 3760 Operation ID: {0,669567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35A.tmp Handle ID: 3760 Operation ID: {0,669560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35A.tmp Handle ID: 3648 Operation ID: {0,669543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab359.tmp Handle ID: 3760 Operation ID: {0,669537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab359.tmp Handle ID: 3580 Operation ID: {0,669536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab359.tmp Handle ID: 3580 Operation ID: {0,669521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar35A.tmp Handle ID: 3760 Operation ID: {0,669516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab359.tmp Handle ID: 3760 Operation ID: {0,669502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,669467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,669426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,669383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,669337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar358.tmp Handle ID: 3708 Operation ID: {0,669305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab357.tmp Handle ID: 3708 Operation ID: {0,669296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar358.tmp Handle ID: 3708 Operation ID: {0,669289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar358.tmp Handle ID: 3648 Operation ID: {0,669274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab357.tmp Handle ID: 3708 Operation ID: {0,669267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab357.tmp Handle ID: 3772 Operation ID: {0,669266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab357.tmp Handle ID: 3772 Operation ID: {0,669257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar358.tmp Handle ID: 3772 Operation ID: {0,669252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab357.tmp Handle ID: 3772 Operation ID: {0,669246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,669193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,669124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356.tmp Handle ID: 3764 Operation ID: {0,669075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355.tmp Handle ID: 3764 Operation ID: {0,669064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356.tmp Handle ID: 3764 Operation ID: {0,669059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356.tmp Handle ID: 3732 Operation ID: {0,669040} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355.tmp Handle ID: 3764 Operation ID: {0,669037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355.tmp Handle ID: 3772 Operation ID: {0,669036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355.tmp Handle ID: 3772 Operation ID: {0,669027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356.tmp Handle ID: 3772 Operation ID: {0,669022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355.tmp Handle ID: 3772 Operation ID: {0,669016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,668981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,668943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,668900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354.tmp Handle ID: 3692 Operation ID: {0,668317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353.tmp Handle ID: 3340 Operation ID: {0,668253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354.tmp Handle ID: 3340 Operation ID: {0,668248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354.tmp Handle ID: 3764 Operation ID: {0,668233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353.tmp Handle ID: 3340 Operation ID: {0,668232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353.tmp Handle ID: 3692 Operation ID: {0,668231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353.tmp Handle ID: 3692 Operation ID: {0,668222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354.tmp Handle ID: 3692 Operation ID: {0,668219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353.tmp Handle ID: 3692 Operation ID: {0,668215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,668148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,667822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352.tmp Handle ID: 3772 Operation ID: {0,667657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351.tmp Handle ID: 3772 Operation ID: {0,667638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352.tmp Handle ID: 3772 Operation ID: {0,667621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352.tmp Handle ID: 3496 Operation ID: {0,667500} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351.tmp Handle ID: 3772 Operation ID: {0,667488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351.tmp Handle ID: 3484 Operation ID: {0,667485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351.tmp Handle ID: 3484 Operation ID: {0,667446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352.tmp Handle ID: 3484 Operation ID: {0,667433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351.tmp Handle ID: 3340 Operation ID: {0,667418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3792 Operation ID: {0,667293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,667282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350.tmp Handle ID: 3340 Operation ID: {0,666784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F.tmp Handle ID: 3340 Operation ID: {0,666775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350.tmp Handle ID: 3340 Operation ID: {0,666768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350.tmp Handle ID: 3708 Operation ID: {0,666749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F.tmp Handle ID: 3340 Operation ID: {0,666744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F.tmp Handle ID: 3764 Operation ID: {0,666743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F.tmp Handle ID: 3764 Operation ID: {0,666732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350.tmp Handle ID: 3764 Operation ID: {0,666729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F.tmp Handle ID: 3764 Operation ID: {0,666723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,666686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,666636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,666594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,666558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,666434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E.tmp Handle ID: 3708 Operation ID: {0,666396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D.tmp Handle ID: 3708 Operation ID: {0,666390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E.tmp Handle ID: 3708 Operation ID: {0,666387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E.tmp Handle ID: 3732 Operation ID: {0,666322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D.tmp Handle ID: 3708 Operation ID: {0,666319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D.tmp Handle ID: 3752 Operation ID: {0,666318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D.tmp Handle ID: 3752 Operation ID: {0,666307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E.tmp Handle ID: 3752 Operation ID: {0,666304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D.tmp Handle ID: 3752 Operation ID: {0,666300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,666247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C.tmp Handle ID: 3760 Operation ID: {0,666227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A.tmp Handle ID: 3760 Operation ID: {0,666218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C.tmp Handle ID: 3760 Operation ID: {0,666213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C.tmp Handle ID: 3420 Operation ID: {0,666194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A.tmp Handle ID: 3760 Operation ID: {0,666191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A.tmp Handle ID: 3776 Operation ID: {0,666190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A.tmp Handle ID: 3692 Operation ID: {0,666048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C.tmp Handle ID: 3692 Operation ID: {0,666045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A.tmp Handle ID: 3692 Operation ID: {0,663317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,663948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B.tmp Handle ID: 3732 Operation ID: {0,663393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349.tmp Handle ID: 3732 Operation ID: {0,663390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B.tmp Handle ID: 3732 Operation ID: {0,663387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B.tmp Handle ID: 3752 Operation ID: {0,663374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349.tmp Handle ID: 3732 Operation ID: {0,663373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349.tmp Handle ID: 3736 Operation ID: {0,663370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349.tmp Handle ID: 3736 Operation ID: {0,663361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B.tmp Handle ID: 3736 Operation ID: {0,663358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349.tmp Handle ID: 3736 Operation ID: {0,663191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,663223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,663153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,663108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,663022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,663006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3788 Operation ID: {0,662944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,662613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348.tmp Handle ID: 3736 Operation ID: {0,662551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347.tmp Handle ID: 3736 Operation ID: {0,662542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348.tmp Handle ID: 3736 Operation ID: {0,662535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348.tmp Handle ID: 3724 Operation ID: {0,662518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347.tmp Handle ID: 3736 Operation ID: {0,662513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347.tmp Handle ID: 3708 Operation ID: {0,662512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347.tmp Handle ID: 3708 Operation ID: {0,662501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348.tmp Handle ID: 3708 Operation ID: {0,662498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347.tmp Handle ID: 3708 Operation ID: {0,662480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,662382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,662326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346.tmp Handle ID: 3600 Operation ID: {0,662259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345.tmp Handle ID: 3684 Operation ID: {0,662252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346.tmp Handle ID: 3684 Operation ID: {0,662242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346.tmp Handle ID: 3760 Operation ID: {0,662120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345.tmp Handle ID: 3600 Operation ID: {0,662118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345.tmp Handle ID: 3648 Operation ID: {0,662116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345.tmp Handle ID: 3648 Operation ID: {0,662099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346.tmp Handle ID: 3648 Operation ID: {0,662096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345.tmp Handle ID: 3684 Operation ID: {0,662082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3788 Operation ID: {0,661913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,661794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,661209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344.tmp Handle ID: 3600 Operation ID: {0,661190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343.tmp Handle ID: 3600 Operation ID: {0,661187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344.tmp Handle ID: 3600 Operation ID: {0,661181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344.tmp Handle ID: 3776 Operation ID: {0,661136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343.tmp Handle ID: 3600 Operation ID: {0,661135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343.tmp Handle ID: 3708 Operation ID: {0,661134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343.tmp Handle ID: 3708 Operation ID: {0,660904} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344.tmp Handle ID: 3708 Operation ID: {0,660891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343.tmp Handle ID: 3708 Operation ID: {0,660855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,660820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,660759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,660712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342.tmp Handle ID: 3752 Operation ID: {0,660218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341.tmp Handle ID: 3752 Operation ID: {0,660204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342.tmp Handle ID: 3752 Operation ID: {0,660199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340.tmp Handle ID: 3420 Operation ID: {0,660186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F.tmp Handle ID: 3420 Operation ID: {0,660181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340.tmp Handle ID: 3420 Operation ID: {0,660178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342.tmp Handle ID: 3496 Operation ID: {0,660161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341.tmp Handle ID: 3752 Operation ID: {0,660160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341.tmp Handle ID: 3764 Operation ID: {0,660159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340.tmp Handle ID: 3476 Operation ID: {0,660156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F.tmp Handle ID: 3420 Operation ID: {0,660154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F.tmp Handle ID: 3772 Operation ID: {0,660150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341.tmp Handle ID: 3420 Operation ID: {0,660076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342.tmp Handle ID: 3420 Operation ID: {0,660054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341.tmp Handle ID: 3420 Operation ID: {0,660021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,659872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F.tmp Handle ID: 3600 Operation ID: {0,659755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340.tmp Handle ID: 3600 Operation ID: {0,659746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F.tmp Handle ID: 3600 Operation ID: {0,659736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,659670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,659620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,659567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,659084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E.tmp Handle ID: 3600 Operation ID: {0,659059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D.tmp Handle ID: 3600 Operation ID: {0,659054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E.tmp Handle ID: 3600 Operation ID: {0,659051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E.tmp Handle ID: 3340 Operation ID: {0,659036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D.tmp Handle ID: 3600 Operation ID: {0,659035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D.tmp Handle ID: 3724 Operation ID: {0,659034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D.tmp Handle ID: 3724 Operation ID: {0,658982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E.tmp Handle ID: 3724 Operation ID: {0,658979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D.tmp Handle ID: 3724 Operation ID: {0,658963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3796 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3796 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3796 Operation ID: {0,658836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,658776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C.tmp Handle ID: 3476 Operation ID: {0,658447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B.tmp Handle ID: 3476 Operation ID: {0,658442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C.tmp Handle ID: 3476 Operation ID: {0,658439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C.tmp Handle ID: 3544 Operation ID: {0,658418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B.tmp Handle ID: 3476 Operation ID: {0,658417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B.tmp Handle ID: 3780 Operation ID: {0,658415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,658242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B.tmp Handle ID: 3752 Operation ID: {0,658120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C.tmp Handle ID: 3752 Operation ID: {0,658119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B.tmp Handle ID: 3752 Operation ID: {0,658091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,657847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A.tmp Handle ID: 3724 Operation ID: {0,657849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339.tmp Handle ID: 3724 Operation ID: {0,657843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A.tmp Handle ID: 3544 Operation ID: {0,657832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,657791} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A.tmp Handle ID: 3724 Operation ID: {0,657771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339.tmp Handle ID: 3544 Operation ID: {0,657765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339.tmp Handle ID: 3476 Operation ID: {0,657764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339.tmp Handle ID: 3692 Operation ID: {0,657747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A.tmp Handle ID: 3476 Operation ID: {0,657733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339.tmp Handle ID: 3476 Operation ID: {0,657720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,657726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,657643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,657566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,657476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338.tmp Handle ID: 3752 Operation ID: {0,656849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337.tmp Handle ID: 3752 Operation ID: {0,656844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338.tmp Handle ID: 3752 Operation ID: {0,656841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338.tmp Handle ID: 3776 Operation ID: {0,656830} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337.tmp Handle ID: 3752 Operation ID: {0,656829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337.tmp Handle ID: 3476 Operation ID: {0,656828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337.tmp Handle ID: 3476 Operation ID: {0,656776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338.tmp Handle ID: 3476 Operation ID: {0,656775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337.tmp Handle ID: 3476 Operation ID: {0,656769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,656677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,655964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336.tmp Handle ID: 3732 Operation ID: {0,655409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335.tmp Handle ID: 3732 Operation ID: {0,655404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336.tmp Handle ID: 3732 Operation ID: {0,655399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336.tmp Handle ID: 3752 Operation ID: {0,655368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335.tmp Handle ID: 3732 Operation ID: {0,655364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335.tmp Handle ID: 3724 Operation ID: {0,655360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335.tmp Handle ID: 3724 Operation ID: {0,655316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336.tmp Handle ID: 3724 Operation ID: {0,655313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335.tmp Handle ID: 3724 Operation ID: {0,655309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,655221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,655168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,655121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,652896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,650735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,650697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,650659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,650449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,649465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,649427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,649387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,649349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3672 Operation ID: {0,647119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,645535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,644652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,644613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,644316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,644252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,644024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,643984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,643864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,643822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,643783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3672 Operation ID: {0,642159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\FileRenameOperations Handle ID: 3672 Operation ID: {0,642158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 3672 Operation ID: {0,641266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,640406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,640164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,639930} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,639716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,639217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,638989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,638212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,637997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,637787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,637569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,637354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,637118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,636959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,636895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,636682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,636629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,636419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,632407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,632182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,631972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,631741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,631699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,631646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,631062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,630843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,630592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,630547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,630507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,630099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,629851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,629485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,629202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,629157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,628123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,627907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,627523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,627232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,627152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,627103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,627062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,626426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,626383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,626341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,626116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,625902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,625831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 4920 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 4920 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,625775} Process ID: 4920 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 4920 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 4920 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,625700} Process ID: 4920 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,625623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,625545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,624919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,623753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,623495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,623453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,623229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,623016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,622968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,622453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,622117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,621908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,621653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,620999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,620758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,620547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,620493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,620234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,620176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,619950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,619733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,619680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,619519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,619275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,619060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,618654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,618595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,618374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,618332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3620 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3620 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3620 Operation ID: {0,618086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,617847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,617703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,617660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,617621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,617582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 3648 Operation ID: {0,617248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\New Text Document.txt Handle ID: 3648 Operation ID: {0,617242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 3672 Operation ID: {0,617233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,617186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 3648 Operation ID: {0,617166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 3648 Operation ID: {0,617159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\New Text Document.txt Handle ID: 3648 Operation ID: {0,617151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\New Text Document.txt Handle ID: 3648 Operation ID: {0,617146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:36 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 3672 Operation ID: {0,617135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: - Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334.tmp Handle ID: 3692 Operation ID: {0,616671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333.tmp Handle ID: 3692 Operation ID: {0,616666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334.tmp Handle ID: 3692 Operation ID: {0,616663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334.tmp Handle ID: 3660 Operation ID: {0,616652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333.tmp Handle ID: 3692 Operation ID: {0,616649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333.tmp Handle ID: 3716 Operation ID: {0,616648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333.tmp Handle ID: 3716 Operation ID: {0,616637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334.tmp Handle ID: 3716 Operation ID: {0,616636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333.tmp Handle ID: 3716 Operation ID: {0,616632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,616579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,616516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332.tmp Handle ID: 3744 Operation ID: {0,616478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab331.tmp Handle ID: 3744 Operation ID: {0,616469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332.tmp Handle ID: 3744 Operation ID: {0,616462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332.tmp Handle ID: 3692 Operation ID: {0,616445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab331.tmp Handle ID: 3744 Operation ID: {0,616440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab331.tmp Handle ID: 3616 Operation ID: {0,616439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab331.tmp Handle ID: 3616 Operation ID: {0,616428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332.tmp Handle ID: 3616 Operation ID: {0,616421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab331.tmp Handle ID: 3616 Operation ID: {0,616416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,616386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,616352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,616309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3716 Operation ID: {0,616264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar330.tmp Handle ID: 3692 Operation ID: {0,616239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32F.tmp Handle ID: 3692 Operation ID: {0,616234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar330.tmp Handle ID: 3692 Operation ID: {0,616231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar330.tmp Handle ID: 3716 Operation ID: {0,616218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32F.tmp Handle ID: 3692 Operation ID: {0,616217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32F.tmp Handle ID: 3536 Operation ID: {0,616216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32F.tmp Handle ID: 3536 Operation ID: {0,616205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar330.tmp Handle ID: 3716 Operation ID: {0,616202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32F.tmp Handle ID: 3580 Operation ID: {0,616180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32E.tmp Handle ID: 3732 Operation ID: {0,616156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32D.tmp Handle ID: 3732 Operation ID: {0,616151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32E.tmp Handle ID: 3732 Operation ID: {0,616146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32E.tmp Handle ID: 3684 Operation ID: {0,616133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32D.tmp Handle ID: 3732 Operation ID: {0,616130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32D.tmp Handle ID: 3728 Operation ID: {0,616129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32D.tmp Handle ID: 3728 Operation ID: {0,616118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32E.tmp Handle ID: 3728 Operation ID: {0,616113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32D.tmp Handle ID: 3728 Operation ID: {0,616108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,616039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,616016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,615914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,615890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32C.tmp Handle ID: 3708 Operation ID: {0,615838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32B.tmp Handle ID: 3708 Operation ID: {0,615829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32C.tmp Handle ID: 3708 Operation ID: {0,615822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32C.tmp Handle ID: 3768 Operation ID: {0,615807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32B.tmp Handle ID: 3708 Operation ID: {0,615800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32B.tmp Handle ID: 3420 Operation ID: {0,615799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32A.tmp Handle ID: 3708 Operation ID: {0,615777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab329.tmp Handle ID: 3708 Operation ID: {0,615768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32A.tmp Handle ID: 3708 Operation ID: {0,615761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32B.tmp Handle ID: 3420 Operation ID: {0,615746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32C.tmp Handle ID: 3420 Operation ID: {0,615743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab32B.tmp Handle ID: 3420 Operation ID: {0,615739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32A.tmp Handle ID: 3764 Operation ID: {0,615722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab329.tmp Handle ID: 3708 Operation ID: {0,615704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab329.tmp Handle ID: 3768 Operation ID: {0,615702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,615687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab329.tmp Handle ID: 3684 Operation ID: {0,615672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32A.tmp Handle ID: 3708 Operation ID: {0,615658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,615638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab329.tmp Handle ID: 3780 Operation ID: {0,615590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,615595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,615561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,615527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,615484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,615432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar328.tmp Handle ID: 3768 Operation ID: {0,615407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab327.tmp Handle ID: 3768 Operation ID: {0,615402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar328.tmp Handle ID: 3768 Operation ID: {0,615399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar328.tmp Handle ID: 3748 Operation ID: {0,615384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab327.tmp Handle ID: 3768 Operation ID: {0,615383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab327.tmp Handle ID: 3560 Operation ID: {0,615382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab327.tmp Handle ID: 3560 Operation ID: {0,615370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar328.tmp Handle ID: 3736 Operation ID: {0,615367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab327.tmp Handle ID: 3736 Operation ID: {0,615360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,615313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar326.tmp Handle ID: 3736 Operation ID: {0,615284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab325.tmp Handle ID: 3736 Operation ID: {0,615281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar326.tmp Handle ID: 3736 Operation ID: {0,615278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,615238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar326.tmp Handle ID: 3768 Operation ID: {0,615223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab325.tmp Handle ID: 3736 Operation ID: {0,615220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab325.tmp Handle ID: 3560 Operation ID: {0,615219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab325.tmp Handle ID: 3560 Operation ID: {0,615208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar326.tmp Handle ID: 3560 Operation ID: {0,615205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab325.tmp Handle ID: 3560 Operation ID: {0,615197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,615144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,615080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar324.tmp Handle ID: 3460 Operation ID: {0,615039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab323.tmp Handle ID: 3460 Operation ID: {0,615036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar324.tmp Handle ID: 3460 Operation ID: {0,615030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,614975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar324.tmp Handle ID: 3420 Operation ID: {0,614970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab323.tmp Handle ID: 3460 Operation ID: {0,614969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab323.tmp Handle ID: 3600 Operation ID: {0,614968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab323.tmp Handle ID: 3600 Operation ID: {0,614959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar324.tmp Handle ID: 3600 Operation ID: {0,614958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab323.tmp Handle ID: 3600 Operation ID: {0,614952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,614917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,614879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,614836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar322.tmp Handle ID: 3768 Operation ID: {0,614798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab321.tmp Handle ID: 3768 Operation ID: {0,614789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar322.tmp Handle ID: 3768 Operation ID: {0,614782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar322.tmp Handle ID: 3580 Operation ID: {0,614765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab321.tmp Handle ID: 3768 Operation ID: {0,614760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab321.tmp Handle ID: 3788 Operation ID: {0,614755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab321.tmp Handle ID: 3788 Operation ID: {0,614748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar322.tmp Handle ID: 3788 Operation ID: {0,614745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab321.tmp Handle ID: 3788 Operation ID: {0,614739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,614676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3788 Operation ID: {0,614659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,614605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar320.tmp Handle ID: 3768 Operation ID: {0,614592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31F.tmp Handle ID: 3708 Operation ID: {0,614587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar320.tmp Handle ID: 3736 Operation ID: {0,614583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,614555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar320.tmp Handle ID: 3724 Operation ID: {0,614542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31F.tmp Handle ID: 3736 Operation ID: {0,614539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31F.tmp Handle ID: 3340 Operation ID: {0,614538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31F.tmp Handle ID: 3340 Operation ID: {0,614529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar320.tmp Handle ID: 3340 Operation ID: {0,614526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31F.tmp Handle ID: 3340 Operation ID: {0,614522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,614469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,614424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31E.tmp Handle ID: 3788 Operation ID: {0,614395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31D.tmp Handle ID: 3788 Operation ID: {0,614386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31E.tmp Handle ID: 3788 Operation ID: {0,614379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31E.tmp Handle ID: 3748 Operation ID: {0,614364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31D.tmp Handle ID: 3788 Operation ID: {0,614357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31D.tmp Handle ID: 3460 Operation ID: {0,614356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31D.tmp Handle ID: 3460 Operation ID: {0,614347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31E.tmp Handle ID: 3460 Operation ID: {0,614340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31D.tmp Handle ID: 3460 Operation ID: {0,614336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,614279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,614184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,614156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31A.tmp Handle ID: 3484 Operation ID: {0,614113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab319.tmp Handle ID: 3484 Operation ID: {0,614096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31A.tmp Handle ID: 3484 Operation ID: {0,614092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31C.tmp Handle ID: 3788 Operation ID: {0,614066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31B.tmp Handle ID: 3788 Operation ID: {0,614057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31C.tmp Handle ID: 3788 Operation ID: {0,614050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31C.tmp Handle ID: 3460 Operation ID: {0,614029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31B.tmp Handle ID: 3788 Operation ID: {0,614024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31B.tmp Handle ID: 3752 Operation ID: {0,614023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31B.tmp Handle ID: 3752 Operation ID: {0,614012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31C.tmp Handle ID: 3752 Operation ID: {0,614005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31B.tmp Handle ID: 3752 Operation ID: {0,613999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31A.tmp Handle ID: 3560 Operation ID: {0,613994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab319.tmp Handle ID: 3484 Operation ID: {0,613992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab319.tmp Handle ID: 3420 Operation ID: {0,613990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab319.tmp Handle ID: 3764 Operation ID: {0,613978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar31A.tmp Handle ID: 3764 Operation ID: {0,613970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab319.tmp Handle ID: 3420 Operation ID: {0,613959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,613951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,613906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3788 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3788 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3788 Operation ID: {0,613865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,613843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,613787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,613770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,613719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar316.tmp Handle ID: 3420 Operation ID: {0,613684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab315.tmp Handle ID: 3420 Operation ID: {0,613677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar316.tmp Handle ID: 3420 Operation ID: {0,613672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar316.tmp Handle ID: 3752 Operation ID: {0,613659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab315.tmp Handle ID: 3420 Operation ID: {0,613656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab315.tmp Handle ID: 3560 Operation ID: {0,613655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab315.tmp Handle ID: 3560 Operation ID: {0,613644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar318.tmp Handle ID: 3420 Operation ID: {0,613620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab317.tmp Handle ID: 3420 Operation ID: {0,613615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar318.tmp Handle ID: 3420 Operation ID: {0,613612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar318.tmp Handle ID: 3460 Operation ID: {0,613597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab317.tmp Handle ID: 3420 Operation ID: {0,613594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab317.tmp Handle ID: 3752 Operation ID: {0,613593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab317.tmp Handle ID: 3752 Operation ID: {0,613580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar318.tmp Handle ID: 3752 Operation ID: {0,613577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar316.tmp Handle ID: 3560 Operation ID: {0,613571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab317.tmp Handle ID: 3560 Operation ID: {0,613573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab315.tmp Handle ID: 3560 Operation ID: {0,613544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,613496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,613456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,613353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,613330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar314.tmp Handle ID: 3460 Operation ID: {0,613291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab313.tmp Handle ID: 3460 Operation ID: {0,613284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar314.tmp Handle ID: 3460 Operation ID: {0,613281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar314.tmp Handle ID: 3776 Operation ID: {0,613268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab313.tmp Handle ID: 3460 Operation ID: {0,613265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab313.tmp Handle ID: 3484 Operation ID: {0,613264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab313.tmp Handle ID: 3484 Operation ID: {0,613251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar314.tmp Handle ID: 3484 Operation ID: {0,613248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab313.tmp Handle ID: 3600 Operation ID: {0,613206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar312.tmp Handle ID: 3600 Operation ID: {0,613220} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab311.tmp Handle ID: 3600 Operation ID: {0,613209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar312.tmp Handle ID: 3600 Operation ID: {0,613199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,613162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,613124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,613079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar312.tmp Handle ID: 3776 Operation ID: {0,613068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab311.tmp Handle ID: 3560 Operation ID: {0,613063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab311.tmp Handle ID: 3748 Operation ID: {0,613062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab311.tmp Handle ID: 3748 Operation ID: {0,613051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar312.tmp Handle ID: 3748 Operation ID: {0,613048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab311.tmp Handle ID: 3748 Operation ID: {0,613042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,613009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,612975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,612934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar310.tmp Handle ID: 3484 Operation ID: {0,612889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30F.tmp Handle ID: 3484 Operation ID: {0,612880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar310.tmp Handle ID: 3484 Operation ID: {0,612877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar310.tmp Handle ID: 3764 Operation ID: {0,612858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30F.tmp Handle ID: 3484 Operation ID: {0,612857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30F.tmp Handle ID: 3684 Operation ID: {0,612856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30F.tmp Handle ID: 3684 Operation ID: {0,612845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar310.tmp Handle ID: 3684 Operation ID: {0,612842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30F.tmp Handle ID: 3684 Operation ID: {0,612836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,612783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,612720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30E.tmp Handle ID: 3600 Operation ID: {0,612686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30D.tmp Handle ID: 3600 Operation ID: {0,612677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30E.tmp Handle ID: 3600 Operation ID: {0,612674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30E.tmp Handle ID: 3684 Operation ID: {0,612657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30D.tmp Handle ID: 3600 Operation ID: {0,612654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30D.tmp Handle ID: 3732 Operation ID: {0,612653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30D.tmp Handle ID: 3732 Operation ID: {0,612642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30E.tmp Handle ID: 3732 Operation ID: {0,612637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30D.tmp Handle ID: 3732 Operation ID: {0,612633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,612598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,612560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,612519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30C.tmp Handle ID: 3476 Operation ID: {0,612452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30B.tmp Handle ID: 3476 Operation ID: {0,612443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30C.tmp Handle ID: 3476 Operation ID: {0,612436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30C.tmp Handle ID: 3600 Operation ID: {0,612421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30B.tmp Handle ID: 3476 Operation ID: {0,612414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30B.tmp Handle ID: 3716 Operation ID: {0,612413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30B.tmp Handle ID: 3716 Operation ID: {0,612404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30C.tmp Handle ID: 3716 Operation ID: {0,612399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab30B.tmp Handle ID: 3716 Operation ID: {0,612393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,612340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,612277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30A.tmp Handle ID: 3600 Operation ID: {0,612239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab309.tmp Handle ID: 3600 Operation ID: {0,612226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30A.tmp Handle ID: 3600 Operation ID: {0,612223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30A.tmp Handle ID: 3716 Operation ID: {0,612205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab309.tmp Handle ID: 3600 Operation ID: {0,612201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab309.tmp Handle ID: 3780 Operation ID: {0,612200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab309.tmp Handle ID: 3780 Operation ID: {0,612189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30A.tmp Handle ID: 3780 Operation ID: {0,612186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab309.tmp Handle ID: 3780 Operation ID: {0,612178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3716 Operation ID: {0,612145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3716 Operation ID: {0,612107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,612064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,612014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar308.tmp Handle ID: 3716 Operation ID: {0,611983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab307.tmp Handle ID: 3716 Operation ID: {0,611978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar308.tmp Handle ID: 3716 Operation ID: {0,611973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar308.tmp Handle ID: 3744 Operation ID: {0,611960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab307.tmp Handle ID: 3716 Operation ID: {0,611955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab307.tmp Handle ID: 3560 Operation ID: {0,611954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab307.tmp Handle ID: 3764 Operation ID: {0,611934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar308.tmp Handle ID: 3660 Operation ID: {0,611933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab307.tmp Handle ID: 3660 Operation ID: {0,611911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,611858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar306.tmp Handle ID: 3752 Operation ID: {0,611843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab305.tmp Handle ID: 3752 Operation ID: {0,611836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar306.tmp Handle ID: 3752 Operation ID: {0,611829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar306.tmp Handle ID: 3776 Operation ID: {0,611812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab305.tmp Handle ID: 3752 Operation ID: {0,611809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab305.tmp Handle ID: 3748 Operation ID: {0,611808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab305.tmp Handle ID: 3748 Operation ID: {0,611799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar306.tmp Handle ID: 3748 Operation ID: {0,611798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab305.tmp Handle ID: 3748 Operation ID: {0,611792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,611739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,611676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar304.tmp Handle ID: 3708 Operation ID: {0,611633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab303.tmp Handle ID: 3708 Operation ID: {0,611624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar304.tmp Handle ID: 3708 Operation ID: {0,611617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar304.tmp Handle ID: 3768 Operation ID: {0,611600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab303.tmp Handle ID: 3708 Operation ID: {0,611595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab303.tmp Handle ID: 3340 Operation ID: {0,611594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab303.tmp Handle ID: 3340 Operation ID: {0,611583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar304.tmp Handle ID: 3340 Operation ID: {0,611580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab303.tmp Handle ID: 3340 Operation ID: {0,611574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,611539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,611464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,611443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,611400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar302.tmp Handle ID: 3580 Operation ID: {0,611366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab301.tmp Handle ID: 3580 Operation ID: {0,611361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar302.tmp Handle ID: 3580 Operation ID: {0,611356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar302.tmp Handle ID: 3684 Operation ID: {0,611341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab301.tmp Handle ID: 3580 Operation ID: {0,611330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab301.tmp Handle ID: 3776 Operation ID: {0,611329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab301.tmp Handle ID: 3776 Operation ID: {0,611318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar302.tmp Handle ID: 3776 Operation ID: {0,611315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab301.tmp Handle ID: 3776 Operation ID: {0,611311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,611254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,611227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,611192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,611124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar300.tmp Handle ID: 3660 Operation ID: {0,611117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FF.tmp Handle ID: 3684 Operation ID: {0,611104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar300.tmp Handle ID: 3684 Operation ID: {0,611101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar300.tmp Handle ID: 3660 Operation ID: {0,611084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FF.tmp Handle ID: 3684 Operation ID: {0,611079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FF.tmp Handle ID: 3748 Operation ID: {0,611078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FF.tmp Handle ID: 3748 Operation ID: {0,611067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar300.tmp Handle ID: 3748 Operation ID: {0,611064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FF.tmp Handle ID: 3748 Operation ID: {0,611058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,610993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FE.tmp Handle ID: 3776 Operation ID: {0,610962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FD.tmp Handle ID: 3776 Operation ID: {0,610957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FE.tmp Handle ID: 3776 Operation ID: {0,610950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FE.tmp Handle ID: 3752 Operation ID: {0,610937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FD.tmp Handle ID: 3776 Operation ID: {0,610934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FD.tmp Handle ID: 3476 Operation ID: {0,610933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FD.tmp Handle ID: 3476 Operation ID: {0,610922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FE.tmp Handle ID: 3476 Operation ID: {0,610921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FD.tmp Handle ID: 3724 Operation ID: {0,610913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,610764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,610743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,610680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,610617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FC.tmp Handle ID: 3660 Operation ID: {0,610579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FB.tmp Handle ID: 3660 Operation ID: {0,610578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FC.tmp Handle ID: 3660 Operation ID: {0,610577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FC.tmp Handle ID: 3728 Operation ID: {0,610570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FB.tmp Handle ID: 3660 Operation ID: {0,610567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FB.tmp Handle ID: 3600 Operation ID: {0,610566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FB.tmp Handle ID: 3600 Operation ID: {0,610555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FC.tmp Handle ID: 3580 Operation ID: {0,610548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2FB.tmp Handle ID: 3484 Operation ID: {0,610541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,610488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FA.tmp Handle ID: 3732 Operation ID: {0,610458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F9.tmp Handle ID: 3732 Operation ID: {0,610446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FA.tmp Handle ID: 3732 Operation ID: {0,610442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,610423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FA.tmp Handle ID: 3752 Operation ID: {0,610396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F9.tmp Handle ID: 3724 Operation ID: {0,610393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F9.tmp Handle ID: 3732 Operation ID: {0,610388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F9.tmp Handle ID: 3420 Operation ID: {0,610371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2FA.tmp Handle ID: 3648 Operation ID: {0,610355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,610360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F9.tmp Handle ID: 3496 Operation ID: {0,610349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,610314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3776 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3776 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3776 Operation ID: {0,610276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,610233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,610190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F8.tmp Handle ID: 3484 Operation ID: {0,610161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F7.tmp Handle ID: 3484 Operation ID: {0,610148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F8.tmp Handle ID: 3484 Operation ID: {0,610145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F8.tmp Handle ID: 3600 Operation ID: {0,610128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F7.tmp Handle ID: 3484 Operation ID: {0,610123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F7.tmp Handle ID: 3748 Operation ID: {0,610122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F7.tmp Handle ID: 3748 Operation ID: {0,610111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F8.tmp Handle ID: 3748 Operation ID: {0,610108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F7.tmp Handle ID: 3748 Operation ID: {0,610102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,610045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,610004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F6.tmp Handle ID: 3420 Operation ID: {0,609977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F5.tmp Handle ID: 3420 Operation ID: {0,609968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F6.tmp Handle ID: 3420 Operation ID: {0,609965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F6.tmp Handle ID: 3648 Operation ID: {0,609950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F5.tmp Handle ID: 3420 Operation ID: {0,609947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F5.tmp Handle ID: 3340 Operation ID: {0,609946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F5.tmp Handle ID: 3340 Operation ID: {0,609935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F6.tmp Handle ID: 3340 Operation ID: {0,609934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F5.tmp Handle ID: 3340 Operation ID: {0,609928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,609875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3780 Operation ID: {0,609811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,609742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F4.tmp Handle ID: 3768 Operation ID: {0,609711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F3.tmp Handle ID: 3768 Operation ID: {0,609700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F4.tmp Handle ID: 3768 Operation ID: {0,609695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F4.tmp Handle ID: 3728 Operation ID: {0,609676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F3.tmp Handle ID: 3768 Operation ID: {0,609673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F3.tmp Handle ID: 3648 Operation ID: {0,609672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F3.tmp Handle ID: 3648 Operation ID: {0,609663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F4.tmp Handle ID: 3648 Operation ID: {0,609658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F3.tmp Handle ID: 3648 Operation ID: {0,609652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F2.tmp Handle ID: 3340 Operation ID: {0,609594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F1.tmp Handle ID: 3340 Operation ID: {0,609589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F2.tmp Handle ID: 3340 Operation ID: {0,609584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F2.tmp Handle ID: 3732 Operation ID: {0,609571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F1.tmp Handle ID: 3340 Operation ID: {0,609568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F1.tmp Handle ID: 3728 Operation ID: {0,609567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F1.tmp Handle ID: 3728 Operation ID: {0,609558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F2.tmp Handle ID: 3728 Operation ID: {0,609557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F1.tmp Handle ID: 3752 Operation ID: {0,609549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3768 Operation ID: {0,609538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,609494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,609467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,609429} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,609358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,609343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,609289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F0.tmp Handle ID: 3588 Operation ID: {0,609238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EF.tmp Handle ID: 3588 Operation ID: {0,609237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F0.tmp Handle ID: 3588 Operation ID: {0,609236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EE.tmp Handle ID: 3648 Operation ID: {0,609235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2ED.tmp Handle ID: 3648 Operation ID: {0,609234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EE.tmp Handle ID: 3648 Operation ID: {0,609233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F0.tmp Handle ID: 3496 Operation ID: {0,609232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EF.tmp Handle ID: 3588 Operation ID: {0,609231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EF.tmp Handle ID: 3684 Operation ID: {0,609230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EF.tmp Handle ID: 3684 Operation ID: {0,609227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2F0.tmp Handle ID: 3684 Operation ID: {0,609226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EF.tmp Handle ID: 3684 Operation ID: {0,609224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EE.tmp Handle ID: 3708 Operation ID: {0,609219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2ED.tmp Handle ID: 3648 Operation ID: {0,609216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2ED.tmp Handle ID: 3600 Operation ID: {0,609215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2ED.tmp Handle ID: 3600 Operation ID: {0,609201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EE.tmp Handle ID: 3484 Operation ID: {0,609193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2ED.tmp Handle ID: 3732 Operation ID: {0,609184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,609137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,609097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,609031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EC.tmp Handle ID: 3728 Operation ID: {0,608964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EB.tmp Handle ID: 3728 Operation ID: {0,608955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EC.tmp Handle ID: 3728 Operation ID: {0,608948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EC.tmp Handle ID: 3748 Operation ID: {0,608931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EB.tmp Handle ID: 3728 Operation ID: {0,608928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EB.tmp Handle ID: 3724 Operation ID: {0,608925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EB.tmp Handle ID: 3724 Operation ID: {0,608914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EC.tmp Handle ID: 3724 Operation ID: {0,608911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2EB.tmp Handle ID: 3724 Operation ID: {0,608905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,608870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,608816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,608782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,608756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EA.tmp Handle ID: 3648 Operation ID: {0,608704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E9.tmp Handle ID: 3648 Operation ID: {0,608695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EA.tmp Handle ID: 3648 Operation ID: {0,608688} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EA.tmp Handle ID: 3708 Operation ID: {0,608671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E9.tmp Handle ID: 3648 Operation ID: {0,608666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E9.tmp Handle ID: 3496 Operation ID: {0,608665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E9.tmp Handle ID: 3496 Operation ID: {0,608654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2EA.tmp Handle ID: 3496 Operation ID: {0,608651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E9.tmp Handle ID: 3496 Operation ID: {0,608645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,608610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,608572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,608529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E8.tmp Handle ID: 3496 Operation ID: {0,608492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E7.tmp Handle ID: 3496 Operation ID: {0,608487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E8.tmp Handle ID: 3496 Operation ID: {0,608484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E8.tmp Handle ID: 3600 Operation ID: {0,608471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E7.tmp Handle ID: 3496 Operation ID: {0,608468} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E7.tmp Handle ID: 3648 Operation ID: {0,608467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E7.tmp Handle ID: 3648 Operation ID: {0,608456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E8.tmp Handle ID: 3648 Operation ID: {0,608453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E7.tmp Handle ID: 3648 Operation ID: {0,608449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,608396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,608329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E6.tmp Handle ID: 3708 Operation ID: {0,608295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E5.tmp Handle ID: 3708 Operation ID: {0,608290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E6.tmp Handle ID: 3708 Operation ID: {0,608287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E6.tmp Handle ID: 3496 Operation ID: {0,608274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E5.tmp Handle ID: 3708 Operation ID: {0,608271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E5.tmp Handle ID: 3340 Operation ID: {0,608270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E5.tmp Handle ID: 3340 Operation ID: {0,608259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E6.tmp Handle ID: 3340 Operation ID: {0,608256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E5.tmp Handle ID: 3340 Operation ID: {0,608252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,608217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,608179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,608138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E4.tmp Handle ID: 2540 Operation ID: {0,608022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E3.tmp Handle ID: 2540 Operation ID: {0,608013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E4.tmp Handle ID: 2540 Operation ID: {0,608006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E4.tmp Handle ID: 3708 Operation ID: {0,607991} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E3.tmp Handle ID: 2540 Operation ID: {0,607984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E3.tmp Handle ID: 3764 Operation ID: {0,607983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E3.tmp Handle ID: 3764 Operation ID: {0,607974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E4.tmp Handle ID: 3764 Operation ID: {0,607967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E3.tmp Handle ID: 3764 Operation ID: {0,607963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,607909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,607843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E2.tmp Handle ID: 3496 Operation ID: {0,607801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E1.tmp Handle ID: 3496 Operation ID: {0,607792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E2.tmp Handle ID: 3496 Operation ID: {0,607785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E2.tmp Handle ID: 2540 Operation ID: {0,607768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E1.tmp Handle ID: 3496 Operation ID: {0,607763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E1.tmp Handle ID: 3728 Operation ID: {0,607762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E1.tmp Handle ID: 3728 Operation ID: {0,607751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E2.tmp Handle ID: 3728 Operation ID: {0,607748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2E1.tmp Handle ID: 3728 Operation ID: {0,607742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,607709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,607675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,607632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,607585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E0.tmp Handle ID: 3728 Operation ID: {0,607560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DF.tmp Handle ID: 3728 Operation ID: {0,607559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E0.tmp Handle ID: 3728 Operation ID: {0,607558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E0.tmp Handle ID: 3764 Operation ID: {0,607557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DF.tmp Handle ID: 3728 Operation ID: {0,607556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DF.tmp Handle ID: 3648 Operation ID: {0,607555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DF.tmp Handle ID: 3648 Operation ID: {0,607552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E0.tmp Handle ID: 3648 Operation ID: {0,607551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DF.tmp Handle ID: 3648 Operation ID: {0,607546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,607495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DE.tmp Handle ID: 3744 Operation ID: {0,607449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DD.tmp Handle ID: 3744 Operation ID: {0,607442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DE.tmp Handle ID: 3744 Operation ID: {0,607439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DE.tmp Handle ID: 3728 Operation ID: {0,607426} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DD.tmp Handle ID: 3744 Operation ID: {0,607423} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DD.tmp Handle ID: 3588 Operation ID: {0,607422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DD.tmp Handle ID: 3588 Operation ID: {0,607411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DE.tmp Handle ID: 3588 Operation ID: {0,607408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DD.tmp Handle ID: 3588 Operation ID: {0,607404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,607318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,607292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DC.tmp Handle ID: 3420 Operation ID: {0,607250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DB.tmp Handle ID: 3420 Operation ID: {0,607249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DC.tmp Handle ID: 3420 Operation ID: {0,607248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DC.tmp Handle ID: 3460 Operation ID: {0,607247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DB.tmp Handle ID: 3420 Operation ID: {0,607246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DB.tmp Handle ID: 3684 Operation ID: {0,607245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DB.tmp Handle ID: 3684 Operation ID: {0,607242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DC.tmp Handle ID: 3684 Operation ID: {0,607239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2DB.tmp Handle ID: 3684 Operation ID: {0,607233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,607204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,607168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,607108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3484 Operation ID: {0,607068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,607014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DA.tmp Handle ID: 3476 Operation ID: {0,606968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D9.tmp Handle ID: 3476 Operation ID: {0,606965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DA.tmp Handle ID: 3476 Operation ID: {0,606962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D8.tmp Handle ID: 3764 Operation ID: {0,606951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D7.tmp Handle ID: 3764 Operation ID: {0,606950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DA.tmp Handle ID: 3732 Operation ID: {0,606949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D8.tmp Handle ID: 3732 Operation ID: {0,606948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D9.tmp Handle ID: 3476 Operation ID: {0,606947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D9.tmp Handle ID: 3752 Operation ID: {0,606946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D9.tmp Handle ID: 3764 Operation ID: {0,606943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2DA.tmp Handle ID: 3764 Operation ID: {0,606942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D9.tmp Handle ID: 3764 Operation ID: {0,606934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,606905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D8.tmp Handle ID: 3732 Operation ID: {0,606901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D7.tmp Handle ID: 3752 Operation ID: {0,606899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D7.tmp Handle ID: 3476 Operation ID: {0,606897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D7.tmp Handle ID: 3732 Operation ID: {0,606884} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D8.tmp Handle ID: 2540 Operation ID: {0,606874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D7.tmp Handle ID: 2540 Operation ID: {0,606853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3752 Operation ID: {0,606856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,606792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,606757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,606652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3732 Operation ID: {0,606643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D6.tmp Handle ID: 3764 Operation ID: {0,606618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D5.tmp Handle ID: 3764 Operation ID: {0,606611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D6.tmp Handle ID: 3764 Operation ID: {0,606608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D6.tmp Handle ID: 3732 Operation ID: {0,606595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D5.tmp Handle ID: 3764 Operation ID: {0,606592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D5.tmp Handle ID: 2540 Operation ID: {0,606591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D5.tmp Handle ID: 2540 Operation ID: {0,606580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D6.tmp Handle ID: 2540 Operation ID: {0,606577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D5.tmp Handle ID: 2540 Operation ID: {0,606573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,606519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D4.tmp Handle ID: 3476 Operation ID: {0,606483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D3.tmp Handle ID: 3476 Operation ID: {0,606472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D4.tmp Handle ID: 3476 Operation ID: {0,606469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D4.tmp Handle ID: 3744 Operation ID: {0,606450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D3.tmp Handle ID: 3476 Operation ID: {0,606445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D3.tmp Handle ID: 3420 Operation ID: {0,606444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D3.tmp Handle ID: 3420 Operation ID: {0,606433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D4.tmp Handle ID: 3420 Operation ID: {0,606430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D3.tmp Handle ID: 3420 Operation ID: {0,606424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,606389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,606342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,606285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,606236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3648 Operation ID: {0,606182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D2.tmp Handle ID: 3460 Operation ID: {0,606137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D1.tmp Handle ID: 3460 Operation ID: {0,606132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D2.tmp Handle ID: 3460 Operation ID: {0,606127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D2.tmp Handle ID: 3420 Operation ID: {0,606114} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D1.tmp Handle ID: 3460 Operation ID: {0,606111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D1.tmp Handle ID: 3728 Operation ID: {0,606110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D1.tmp Handle ID: 3728 Operation ID: {0,606099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D2.tmp Handle ID: 3728 Operation ID: {0,606096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D1.tmp Handle ID: 3728 Operation ID: {0,606052} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D0.tmp Handle ID: 3728 Operation ID: {0,606088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CF.tmp Handle ID: 3728 Operation ID: {0,606081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D0.tmp Handle ID: 3728 Operation ID: {0,606078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D0.tmp Handle ID: 3420 Operation ID: {0,606063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CF.tmp Handle ID: 3728 Operation ID: {0,606060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CF.tmp Handle ID: 3460 Operation ID: {0,606059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CF.tmp Handle ID: 3460 Operation ID: {0,606033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,606016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2D0.tmp Handle ID: 3648 Operation ID: {0,605965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,605974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CF.tmp Handle ID: 3728 Operation ID: {0,605960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3760 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3760 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3760 Operation ID: {0,605887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,605866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3724 Operation ID: {0,605811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CE.tmp Handle ID: 3460 Operation ID: {0,605783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CD.tmp Handle ID: 3460 Operation ID: {0,605778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CE.tmp Handle ID: 3460 Operation ID: {0,605773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CE.tmp Handle ID: 3724 Operation ID: {0,605760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CD.tmp Handle ID: 3460 Operation ID: {0,605757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CD.tmp Handle ID: 3648 Operation ID: {0,605756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CD.tmp Handle ID: 3648 Operation ID: {0,605745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CE.tmp Handle ID: 3648 Operation ID: {0,605742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CD.tmp Handle ID: 3460 Operation ID: {0,605737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,605636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,605635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CC.tmp Handle ID: 2540 Operation ID: {0,605535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,605532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CB.tmp Handle ID: 3340 Operation ID: {0,605517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CC.tmp Handle ID: 3340 Operation ID: {0,605514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CC.tmp Handle ID: 3708 Operation ID: {0,605497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CB.tmp Handle ID: 3340 Operation ID: {0,605492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CB.tmp Handle ID: 3648 Operation ID: {0,605491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CB.tmp Handle ID: 3648 Operation ID: {0,605480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CC.tmp Handle ID: 3648 Operation ID: {0,605477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2CB.tmp Handle ID: 3648 Operation ID: {0,605469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,605438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,605404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CA.tmp Handle ID: 3460 Operation ID: {0,605345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C9.tmp Handle ID: 3460 Operation ID: {0,605338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CA.tmp Handle ID: 3460 Operation ID: {0,605335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CA.tmp Handle ID: 3480 Operation ID: {0,605314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C9.tmp Handle ID: 3460 Operation ID: {0,605311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C9.tmp Handle ID: 3420 Operation ID: {0,605310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,605307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C9.tmp Handle ID: 3420 Operation ID: {0,605298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2CA.tmp Handle ID: 3732 Operation ID: {0,605295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C9.tmp Handle ID: 3732 Operation ID: {0,605291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,605256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,605218} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,605175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C8.tmp Handle ID: 3708 Operation ID: {0,605138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C7.tmp Handle ID: 3708 Operation ID: {0,605127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C8.tmp Handle ID: 3708 Operation ID: {0,605120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C8.tmp Handle ID: 3580 Operation ID: {0,605094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C7.tmp Handle ID: 3708 Operation ID: {0,605088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C7.tmp Handle ID: 2540 Operation ID: {0,605086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C7.tmp Handle ID: 2540 Operation ID: {0,605057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C8.tmp Handle ID: 3580 Operation ID: {0,605037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,605046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C7.tmp Handle ID: 3732 Operation ID: {0,605029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C6.tmp Handle ID: 3732 Operation ID: {0,604997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C5.tmp Handle ID: 3732 Operation ID: {0,604992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C6.tmp Handle ID: 3732 Operation ID: {0,604989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3732 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3744 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3732 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C6.tmp Handle ID: 2540 Operation ID: {0,604947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3744 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3744 Operation ID: {0,604946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C5.tmp Handle ID: 3732 Operation ID: {0,604945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C5.tmp Handle ID: 3480 Operation ID: {0,604942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C5.tmp Handle ID: 3420 Operation ID: {0,604929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C6.tmp Handle ID: 3420 Operation ID: {0,604924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C5.tmp Handle ID: 3420 Operation ID: {0,604920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3728 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3728 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3728 Operation ID: {0,604867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3748 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3748 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3748 Operation ID: {0,604764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3736 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3736 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3736 Operation ID: {0,604737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3720 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3720 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C2.tmp Handle ID: 3720 Operation ID: {0,604691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3720 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3720 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C1.tmp Handle ID: 3720 Operation ID: {0,604686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3720 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C2.tmp Handle ID: 3720 Operation ID: {0,604681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C4.tmp Handle ID: 3460 Operation ID: {0,604655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C3.tmp Handle ID: 3460 Operation ID: {0,604650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C4.tmp Handle ID: 3460 Operation ID: {0,604645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3724 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3724 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C4.tmp Handle ID: 3724 Operation ID: {0,604632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C3.tmp Handle ID: 3460 Operation ID: {0,604629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C3.tmp Handle ID: 3648 Operation ID: {0,604628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C3.tmp Handle ID: 3648 Operation ID: {0,604621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C4.tmp Handle ID: 3648 Operation ID: {0,604610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3720 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C2.tmp Handle ID: 3740 Operation ID: {0,604604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C3.tmp Handle ID: 3740 Operation ID: {0,604603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C1.tmp Handle ID: 3720 Operation ID: {0,604598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C1.tmp Handle ID: 3324 Operation ID: {0,604596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C1.tmp Handle ID: 3460 Operation ID: {0,604568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C2.tmp Handle ID: 3460 Operation ID: {0,604555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3720 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2C1.tmp Handle ID: 3720 Operation ID: {0,604537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604495} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,604449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,604432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,604394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,604355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C0.tmp Handle ID: 3740 Operation ID: {0,604310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BF.tmp Handle ID: 3740 Operation ID: {0,604305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C0.tmp Handle ID: 3740 Operation ID: {0,604300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C0.tmp Handle ID: 3600 Operation ID: {0,604287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BF.tmp Handle ID: 3740 Operation ID: {0,604284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BF.tmp Handle ID: 3752 Operation ID: {0,604283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3752 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BF.tmp Handle ID: 3752 Operation ID: {0,604272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C0.tmp Handle ID: 3752 Operation ID: {0,604268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3752 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BF.tmp Handle ID: 3752 Operation ID: {0,604265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,604212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3340 Operation ID: {0,604118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604069} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,604013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3740 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3740 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3740 Operation ID: {0,603851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BE.tmp Handle ID: 3504 Operation ID: {0,603746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BD.tmp Handle ID: 3504 Operation ID: {0,603741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BE.tmp Handle ID: 3504 Operation ID: {0,603736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3684 Operation ID: {0,603178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BE.tmp Handle ID: 3588 Operation ID: {0,603164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BD.tmp Handle ID: 3504 Operation ID: {0,603161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BD.tmp Handle ID: 3580 Operation ID: {0,603160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BD.tmp Handle ID: 3580 Operation ID: {0,603149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BE.tmp Handle ID: 3580 Operation ID: {0,603144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BD.tmp Handle ID: 3580 Operation ID: {0,603140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,603096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 488 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 488 Operation ID: {0,603028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 488 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 488 Operation ID: {0,602982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602873} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,602545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602040} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,602004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,601838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BC.tmp Handle ID: 3692 Operation ID: {0,601336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BB.tmp Handle ID: 3692 Operation ID: {0,601333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BC.tmp Handle ID: 3692 Operation ID: {0,601328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BC.tmp Handle ID: 3676 Operation ID: {0,601315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BB.tmp Handle ID: 3692 Operation ID: {0,601312} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BB.tmp Handle ID: 3680 Operation ID: {0,601311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BB.tmp Handle ID: 3680 Operation ID: {0,601298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BC.tmp Handle ID: 3680 Operation ID: {0,601295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2BB.tmp Handle ID: 3680 Operation ID: {0,601291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,601238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,601175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,601126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BA.tmp Handle ID: 3544 Operation ID: {0,601060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B9.tmp Handle ID: 3544 Operation ID: {0,601055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BA.tmp Handle ID: 3544 Operation ID: {0,601050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BA.tmp Handle ID: 3632 Operation ID: {0,601037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B9.tmp Handle ID: 3544 Operation ID: {0,601034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B9.tmp Handle ID: 3692 Operation ID: {0,601033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B9.tmp Handle ID: 3692 Operation ID: {0,601022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2BA.tmp Handle ID: 3692 Operation ID: {0,601017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B9.tmp Handle ID: 3544 Operation ID: {0,601013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3680 Operation ID: {0,600978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3680 Operation ID: {0,600925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,600913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,600864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3712 Operation ID: {0,600777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B8.tmp Handle ID: 3544 Operation ID: {0,600746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B7.tmp Handle ID: 3544 Operation ID: {0,600739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B8.tmp Handle ID: 3544 Operation ID: {0,600734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B8.tmp Handle ID: 3712 Operation ID: {0,600719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B7.tmp Handle ID: 3544 Operation ID: {0,600716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B7.tmp Handle ID: 3672 Operation ID: {0,600715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B7.tmp Handle ID: 3672 Operation ID: {0,600706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B8.tmp Handle ID: 3672 Operation ID: {0,600701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B7.tmp Handle ID: 3672 Operation ID: {0,600697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,600608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,600507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B6.tmp Handle ID: 3712 Operation ID: {0,600446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B5.tmp Handle ID: 3712 Operation ID: {0,600443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B6.tmp Handle ID: 3712 Operation ID: {0,600438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B6.tmp Handle ID: 3672 Operation ID: {0,600425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B5.tmp Handle ID: 3712 Operation ID: {0,600422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B5.tmp Handle ID: 3504 Operation ID: {0,600421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B5.tmp Handle ID: 3504 Operation ID: {0,600412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B6.tmp Handle ID: 3504 Operation ID: {0,600409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B5.tmp Handle ID: 3504 Operation ID: {0,600405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3712 Operation ID: {0,600369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3712 Operation ID: {0,600308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,600264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,600202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B4.tmp Handle ID: 3712 Operation ID: {0,600175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B3.tmp Handle ID: 3712 Operation ID: {0,600170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B4.tmp Handle ID: 3712 Operation ID: {0,600165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B4.tmp Handle ID: 3560 Operation ID: {0,600152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B3.tmp Handle ID: 3712 Operation ID: {0,600149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B3.tmp Handle ID: 3672 Operation ID: {0,600148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B3.tmp Handle ID: 3672 Operation ID: {0,600139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B4.tmp Handle ID: 3672 Operation ID: {0,600134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B3.tmp Handle ID: 3712 Operation ID: {0,600130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,600056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,599936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B2.tmp Handle ID: 3544 Operation ID: {0,599851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B1.tmp Handle ID: 3544 Operation ID: {0,599850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B2.tmp Handle ID: 3544 Operation ID: {0,599849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B2.tmp Handle ID: 3672 Operation ID: {0,599848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B1.tmp Handle ID: 3544 Operation ID: {0,599847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B1.tmp Handle ID: 3616 Operation ID: {0,599846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B1.tmp Handle ID: 3616 Operation ID: {0,599843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B2.tmp Handle ID: 3616 Operation ID: {0,599840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B1.tmp Handle ID: 3616 Operation ID: {0,599836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,599801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,599763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,599720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,599665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B0.tmp Handle ID: 3616 Operation ID: {0,599637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AF.tmp Handle ID: 3616 Operation ID: {0,599632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B0.tmp Handle ID: 3616 Operation ID: {0,599627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B0.tmp Handle ID: 3560 Operation ID: {0,599611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AF.tmp Handle ID: 3616 Operation ID: {0,599606} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AF.tmp Handle ID: 3680 Operation ID: {0,599605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AF.tmp Handle ID: 3616 Operation ID: {0,599594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2B0.tmp Handle ID: 3616 Operation ID: {0,599591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AF.tmp Handle ID: 3616 Operation ID: {0,599585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,599527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,599430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AE.tmp Handle ID: 3560 Operation ID: {0,599394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AD.tmp Handle ID: 3560 Operation ID: {0,599389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AE.tmp Handle ID: 3560 Operation ID: {0,599386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AE.tmp Handle ID: 3616 Operation ID: {0,599373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AD.tmp Handle ID: 3560 Operation ID: {0,599370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AD.tmp Handle ID: 3504 Operation ID: {0,599369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AD.tmp Handle ID: 3504 Operation ID: {0,599360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AE.tmp Handle ID: 3504 Operation ID: {0,599355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AD.tmp Handle ID: 3504 Operation ID: {0,599351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3616 Operation ID: {0,599314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3616 Operation ID: {0,599263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,599219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AC.tmp Handle ID: 3560 Operation ID: {0,599166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AB.tmp Handle ID: 3560 Operation ID: {0,599161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AC.tmp Handle ID: 3560 Operation ID: {0,599156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AC.tmp Handle ID: 3692 Operation ID: {0,599143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AB.tmp Handle ID: 3560 Operation ID: {0,599140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AB.tmp Handle ID: 3712 Operation ID: {0,599139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AB.tmp Handle ID: 3712 Operation ID: {0,599130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AC.tmp Handle ID: 3712 Operation ID: {0,599125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2AB.tmp Handle ID: 3712 Operation ID: {0,599120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,599067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,598984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AA.tmp Handle ID: 3504 Operation ID: {0,596440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A9.tmp Handle ID: 3504 Operation ID: {0,596433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AA.tmp Handle ID: 3504 Operation ID: {0,596428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AA.tmp Handle ID: 3672 Operation ID: {0,596415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A9.tmp Handle ID: 3504 Operation ID: {0,596412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A9.tmp Handle ID: 3692 Operation ID: {0,596411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A9.tmp Handle ID: 3692 Operation ID: {0,596400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2AA.tmp Handle ID: 3692 Operation ID: {0,596395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A9.tmp Handle ID: 3692 Operation ID: {0,596391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,596355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,596313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,596250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:32 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:32 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,596186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,596096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,596036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3672 Operation ID: {0,595977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3676 Operation ID: {0,595869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A8.tmp Handle ID: 3580 Operation ID: {0,595514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A7.tmp Handle ID: 3580 Operation ID: {0,595509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A8.tmp Handle ID: 3580 Operation ID: {0,595504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A8.tmp Handle ID: 3632 Operation ID: {0,595491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A7.tmp Handle ID: 3580 Operation ID: {0,595488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A7.tmp Handle ID: 3616 Operation ID: {0,595487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A7.tmp Handle ID: 3616 Operation ID: {0,595474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A8.tmp Handle ID: 3616 Operation ID: {0,595473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A7.tmp Handle ID: 3616 Operation ID: {0,595467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,595414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,595339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A6.tmp Handle ID: 3712 Operation ID: {0,595293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A5.tmp Handle ID: 3712 Operation ID: {0,595288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A6.tmp Handle ID: 3712 Operation ID: {0,595281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A6.tmp Handle ID: 3580 Operation ID: {0,595266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A5.tmp Handle ID: 3712 Operation ID: {0,595265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A5.tmp Handle ID: 3680 Operation ID: {0,595264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A5.tmp Handle ID: 3680 Operation ID: {0,595253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A6.tmp Handle ID: 3680 Operation ID: {0,595250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A5.tmp Handle ID: 3680 Operation ID: {0,595246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,595211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,595173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,595130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,595068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A4.tmp Handle ID: 3580 Operation ID: {0,595037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A3.tmp Handle ID: 3580 Operation ID: {0,595030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A4.tmp Handle ID: 3580 Operation ID: {0,595025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A4.tmp Handle ID: 3708 Operation ID: {0,595012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A3.tmp Handle ID: 3580 Operation ID: {0,595009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A3.tmp Handle ID: 3616 Operation ID: {0,595008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A3.tmp Handle ID: 3616 Operation ID: {0,594999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A4.tmp Handle ID: 3616 Operation ID: {0,594998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A3.tmp Handle ID: 3616 Operation ID: {0,594992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3504 Operation ID: {0,594939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3504 Operation ID: {0,594868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A2.tmp Handle ID: 3688 Operation ID: {0,594815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A1.tmp Handle ID: 3688 Operation ID: {0,594810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A2.tmp Handle ID: 3688 Operation ID: {0,594803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A2.tmp Handle ID: 3580 Operation ID: {0,594788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A1.tmp Handle ID: 3688 Operation ID: {0,594785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A1.tmp Handle ID: 3632 Operation ID: {0,594784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A1.tmp Handle ID: 3632 Operation ID: {0,594773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A2.tmp Handle ID: 3632 Operation ID: {0,594770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2A1.tmp Handle ID: 3632 Operation ID: {0,594766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,594731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,594693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,594650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3616 Operation ID: {0,594597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A0.tmp Handle ID: 3632 Operation ID: {0,594564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29F.tmp Handle ID: 3632 Operation ID: {0,594557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A0.tmp Handle ID: 3632 Operation ID: {0,594554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A0.tmp Handle ID: 3616 Operation ID: {0,594539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29F.tmp Handle ID: 3632 Operation ID: {0,594536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29F.tmp Handle ID: 3544 Operation ID: {0,594535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29F.tmp Handle ID: 3544 Operation ID: {0,594526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A0.tmp Handle ID: 3544 Operation ID: {0,594523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29F.tmp Handle ID: 3680 Operation ID: {0,594519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,594466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,594398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29E.tmp Handle ID: 3632 Operation ID: {0,594356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29D.tmp Handle ID: 3632 Operation ID: {0,594349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29E.tmp Handle ID: 3632 Operation ID: {0,594346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29E.tmp Handle ID: 3680 Operation ID: {0,594331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29D.tmp Handle ID: 3632 Operation ID: {0,594328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29D.tmp Handle ID: 3688 Operation ID: {0,594327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29D.tmp Handle ID: 3688 Operation ID: {0,594316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29E.tmp Handle ID: 3688 Operation ID: {0,594313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29D.tmp Handle ID: 3688 Operation ID: {0,594309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3680 Operation ID: {0,594274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3680 Operation ID: {0,594236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,594193} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3708 Operation ID: {0,594144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29C.tmp Handle ID: 3688 Operation ID: {0,594111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29B.tmp Handle ID: 3688 Operation ID: {0,594104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29C.tmp Handle ID: 3688 Operation ID: {0,594101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29C.tmp Handle ID: 3708 Operation ID: {0,594088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29B.tmp Handle ID: 3688 Operation ID: {0,594085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29B.tmp Handle ID: 3644 Operation ID: {0,594084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29B.tmp Handle ID: 3644 Operation ID: {0,594073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29C.tmp Handle ID: 3644 Operation ID: {0,594070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29B.tmp Handle ID: 3644 Operation ID: {0,594066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3504 Operation ID: {0,594013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3504 Operation ID: {0,593941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29A.tmp Handle ID: 3560 Operation ID: {0,593901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab299.tmp Handle ID: 3560 Operation ID: {0,593896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29A.tmp Handle ID: 3560 Operation ID: {0,593891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29A.tmp Handle ID: 3688 Operation ID: {0,593878} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab299.tmp Handle ID: 3560 Operation ID: {0,593875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab299.tmp Handle ID: 3712 Operation ID: {0,593874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab299.tmp Handle ID: 3712 Operation ID: {0,593865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar29A.tmp Handle ID: 3712 Operation ID: {0,593864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab299.tmp Handle ID: 3712 Operation ID: {0,593858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,593823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,593785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3504 Operation ID: {0,593742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar298.tmp Handle ID: 3712 Operation ID: {0,593699} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab297.tmp Handle ID: 3712 Operation ID: {0,593694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar298.tmp Handle ID: 3712 Operation ID: {0,593689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar298.tmp Handle ID: 3644 Operation ID: {0,593676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab297.tmp Handle ID: 3712 Operation ID: {0,593673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab297.tmp Handle ID: 3544 Operation ID: {0,593672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab297.tmp Handle ID: 3544 Operation ID: {0,593663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar298.tmp Handle ID: 3544 Operation ID: {0,593658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab297.tmp Handle ID: 3544 Operation ID: {0,593654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,593601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3504 Operation ID: {0,593507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar296.tmp Handle ID: 3644 Operation ID: {0,593465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab295.tmp Handle ID: 3644 Operation ID: {0,593460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar296.tmp Handle ID: 3644 Operation ID: {0,593457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar296.tmp Handle ID: 3544 Operation ID: {0,593442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab295.tmp Handle ID: 3644 Operation ID: {0,593439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab295.tmp Handle ID: 3580 Operation ID: {0,593438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab295.tmp Handle ID: 3580 Operation ID: {0,593427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar296.tmp Handle ID: 3580 Operation ID: {0,593422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab295.tmp Handle ID: 3580 Operation ID: {0,593418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,593383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,593345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,593304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar294.tmp Handle ID: 3652 Operation ID: {0,593072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab293.tmp Handle ID: 3652 Operation ID: {0,593067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar294.tmp Handle ID: 3652 Operation ID: {0,593064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3708 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3708 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar294.tmp Handle ID: 3708 Operation ID: {0,593049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab293.tmp Handle ID: 3652 Operation ID: {0,593046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab293.tmp Handle ID: 3644 Operation ID: {0,593045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab293.tmp Handle ID: 3644 Operation ID: {0,593036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar294.tmp Handle ID: 3644 Operation ID: {0,593033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab293.tmp Handle ID: 3644 Operation ID: {0,593029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,592976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,592898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar292.tmp Handle ID: 3632 Operation ID: {0,592828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab291.tmp Handle ID: 3632 Operation ID: {0,592821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar292.tmp Handle ID: 3632 Operation ID: {0,592816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar292.tmp Handle ID: 3652 Operation ID: {0,592803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab291.tmp Handle ID: 3632 Operation ID: {0,592800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab291.tmp Handle ID: 3680 Operation ID: {0,592799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab291.tmp Handle ID: 3680 Operation ID: {0,592788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar292.tmp Handle ID: 3680 Operation ID: {0,592785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab291.tmp Handle ID: 3632 Operation ID: {0,592781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3652 Operation ID: {0,592745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3652 Operation ID: {0,592707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,592664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3644 Operation ID: {0,592584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar290.tmp Handle ID: 3680 Operation ID: {0,592559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28F.tmp Handle ID: 3680 Operation ID: {0,592556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar290.tmp Handle ID: 3680 Operation ID: {0,592551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar290.tmp Handle ID: 3644 Operation ID: {0,592536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28F.tmp Handle ID: 3680 Operation ID: {0,592533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28F.tmp Handle ID: 3684 Operation ID: {0,592532} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28F.tmp Handle ID: 3684 Operation ID: {0,592518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar290.tmp Handle ID: 3684 Operation ID: {0,592515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28F.tmp Handle ID: 3680 Operation ID: {0,592510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:31 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:31 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,592449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,591849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28E.tmp Handle ID: 3644 Operation ID: {0,591677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28D.tmp Handle ID: 3644 Operation ID: {0,591672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28E.tmp Handle ID: 3644 Operation ID: {0,591669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3684 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3684 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28E.tmp Handle ID: 3684 Operation ID: {0,591656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28D.tmp Handle ID: 3644 Operation ID: {0,591653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28D.tmp Handle ID: 3688 Operation ID: {0,591652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28D.tmp Handle ID: 3688 Operation ID: {0,591643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28E.tmp Handle ID: 3688 Operation ID: {0,591638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28D.tmp Handle ID: 3688 Operation ID: {0,591634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,591598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,591533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,591489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3688 Operation ID: {0,591438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28C.tmp Handle ID: 3692 Operation ID: {0,591409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28B.tmp Handle ID: 3692 Operation ID: {0,591406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28C.tmp Handle ID: 3692 Operation ID: {0,591401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3688 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3688 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28C.tmp Handle ID: 3688 Operation ID: {0,591388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28B.tmp Handle ID: 3692 Operation ID: {0,591385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28B.tmp Handle ID: 3560 Operation ID: {0,591384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28B.tmp Handle ID: 3560 Operation ID: {0,591373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28C.tmp Handle ID: 3560 Operation ID: {0,591368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab28B.tmp Handle ID: 3560 Operation ID: {0,591364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,591310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,591212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28A.tmp Handle ID: 3644 Operation ID: {0,591146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab289.tmp Handle ID: 3644 Operation ID: {0,591141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28A.tmp Handle ID: 3644 Operation ID: {0,591136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3644 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3644 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28A.tmp Handle ID: 3692 Operation ID: {0,591121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab289.tmp Handle ID: 3644 Operation ID: {0,591118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab289.tmp Handle ID: 3652 Operation ID: {0,591117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab289.tmp Handle ID: 3652 Operation ID: {0,591106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28A.tmp Handle ID: 3652 Operation ID: {0,591101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab289.tmp Handle ID: 3652 Operation ID: {0,591097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,591062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3692 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3692 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3692 Operation ID: {0,591024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,590981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3560 Operation ID: {0,590912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar288.tmp Handle ID: 3652 Operation ID: {0,590881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab287.tmp Handle ID: 3652 Operation ID: {0,590876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar288.tmp Handle ID: 3652 Operation ID: {0,590872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3652 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3652 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar288.tmp Handle ID: 3560 Operation ID: {0,590858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab287.tmp Handle ID: 3652 Operation ID: {0,590857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab287.tmp Handle ID: 3680 Operation ID: {0,590856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3680 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab287.tmp Handle ID: 3680 Operation ID: {0,590845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar288.tmp Handle ID: 3680 Operation ID: {0,590842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3680 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab287.tmp Handle ID: 3680 Operation ID: {0,590838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,590778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,587616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar286.tmp Handle ID: 3560 Operation ID: {0,587115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab285.tmp Handle ID: 3560 Operation ID: {0,587110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar286.tmp Handle ID: 3560 Operation ID: {0,587105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar286.tmp Handle ID: 3616 Operation ID: {0,587092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab285.tmp Handle ID: 3560 Operation ID: {0,587089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab285.tmp Handle ID: 3672 Operation ID: {0,587088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab285.tmp Handle ID: 3672 Operation ID: {0,587079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar286.tmp Handle ID: 3672 Operation ID: {0,587076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab285.tmp Handle ID: 3672 Operation ID: {0,587072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3616 Operation ID: {0,587037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3616 Operation ID: {0,586999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3660 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3660 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3660 Operation ID: {0,586953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar284.tmp Handle ID: 3616 Operation ID: {0,585637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab283.tmp Handle ID: 3616 Operation ID: {0,585632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar284.tmp Handle ID: 3616 Operation ID: {0,585629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3656 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3656 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3656 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar284.tmp Handle ID: 3656 Operation ID: {0,585616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab283.tmp Handle ID: 3616 Operation ID: {0,585613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab283.tmp Handle ID: 3648 Operation ID: {0,585612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3648 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab283.tmp Handle ID: 3648 Operation ID: {0,585601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar284.tmp Handle ID: 3648 Operation ID: {0,585596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3648 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab283.tmp Handle ID: 3648 Operation ID: {0,585594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3668 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3668 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3668 Operation ID: {0,585540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3668 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3668 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3668 Operation ID: {0,585314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar282.tmp Handle ID: 3500 Operation ID: {0,584632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab281.tmp Handle ID: 3500 Operation ID: {0,584625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar282.tmp Handle ID: 3500 Operation ID: {0,584622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3628 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar282.tmp Handle ID: 3632 Operation ID: {0,584607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3628 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab281.tmp Handle ID: 3500 Operation ID: {0,584604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab281.tmp Handle ID: 3628 Operation ID: {0,584603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3628 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3628 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab281.tmp Handle ID: 3628 Operation ID: {0,584592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3628 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar282.tmp Handle ID: 3628 Operation ID: {0,584587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3628 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab281.tmp Handle ID: 3628 Operation ID: {0,584583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,584548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,584510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,584469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583490} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583378} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,583266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,583211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,583158} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,583113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3584 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3584 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3584 Operation ID: {0,583076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,583020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,582613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,582536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582040} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,582004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,581649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,581646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,581626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CRPLueaP_WR_.tmp Handle ID: 3532 Operation ID: {0,581621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x130089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 563 NT AUTHORITY\SYSTEM AERODB "Object Open for Delete: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CRPLueaP_WR_.tmp Handle ID: - Operation ID: {0,581621} Process ID: 680 Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: - Privileges: - Access Mask: 0x0 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,581219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3416 Operation ID: {0,581178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3416 Operation ID: {0,581175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3432 Operation ID: {0,581167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3432 Operation ID: {0,581162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3528 Operation ID: {0,581120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar280.tmp Handle ID: 2544 Operation ID: {0,581073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27F.tmp Handle ID: 2544 Operation ID: {0,581072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar280.tmp Handle ID: 2544 Operation ID: {0,581069} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar280.tmp Handle ID: 3612 Operation ID: {0,581054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27F.tmp Handle ID: 2544 Operation ID: {0,581047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27F.tmp Handle ID: 3636 Operation ID: {0,581046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27F.tmp Handle ID: 3636 Operation ID: {0,581037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar280.tmp Handle ID: 3636 Operation ID: {0,581030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27F.tmp Handle ID: 3636 Operation ID: {0,581026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27E.tmp Handle ID: 3612 Operation ID: {0,580871} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27D.tmp Handle ID: 3612 Operation ID: {0,580862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27E.tmp Handle ID: 3612 Operation ID: {0,580855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27E.tmp Handle ID: 3636 Operation ID: {0,580838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27D.tmp Handle ID: 3612 Operation ID: {0,580833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27D.tmp Handle ID: 3608 Operation ID: {0,580832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27D.tmp Handle ID: 3608 Operation ID: {0,580821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27E.tmp Handle ID: 3608 Operation ID: {0,580818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27D.tmp Handle ID: 3608 Operation ID: {0,580812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,580777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,580739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,580651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27C.tmp Handle ID: 3608 Operation ID: {0,580626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27B.tmp Handle ID: 3608 Operation ID: {0,580619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27C.tmp Handle ID: 3608 Operation ID: {0,580616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27C.tmp Handle ID: 3428 Operation ID: {0,580601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27B.tmp Handle ID: 3608 Operation ID: {0,580598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27B.tmp Handle ID: 3516 Operation ID: {0,580597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27B.tmp Handle ID: 3516 Operation ID: {0,580586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27C.tmp Handle ID: 3516 Operation ID: {0,580581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27B.tmp Handle ID: 3516 Operation ID: {0,580577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27A.tmp Handle ID: 3612 Operation ID: {0,580427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab279.tmp Handle ID: 3612 Operation ID: {0,580418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27A.tmp Handle ID: 3612 Operation ID: {0,580411} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27A.tmp Handle ID: 3608 Operation ID: {0,580393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab279.tmp Handle ID: 3612 Operation ID: {0,580389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab279.tmp Handle ID: 3576 Operation ID: {0,580388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab279.tmp Handle ID: 3576 Operation ID: {0,580377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar27A.tmp Handle ID: 3576 Operation ID: {0,580374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab279.tmp Handle ID: 3576 Operation ID: {0,580368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3608 Operation ID: {0,580333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3608 Operation ID: {0,580295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,580206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar278.tmp Handle ID: 3576 Operation ID: {0,580177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab277.tmp Handle ID: 3576 Operation ID: {0,580168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar278.tmp Handle ID: 3576 Operation ID: {0,580159} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar278.tmp Handle ID: 3516 Operation ID: {0,580146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab277.tmp Handle ID: 3576 Operation ID: {0,580139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab277.tmp Handle ID: 2544 Operation ID: {0,580138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab277.tmp Handle ID: 2544 Operation ID: {0,580129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar278.tmp Handle ID: 2544 Operation ID: {0,580124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab277.tmp Handle ID: 2544 Operation ID: {0,580120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,580006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar276.tmp Handle ID: 3516 Operation ID: {0,579970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab275.tmp Handle ID: 3516 Operation ID: {0,579961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar276.tmp Handle ID: 3516 Operation ID: {0,579954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar276.tmp Handle ID: 2544 Operation ID: {0,579937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab275.tmp Handle ID: 3516 Operation ID: {0,579932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab275.tmp Handle ID: 3636 Operation ID: {0,579931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab275.tmp Handle ID: 3636 Operation ID: {0,579920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar276.tmp Handle ID: 3636 Operation ID: {0,579917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab275.tmp Handle ID: 3636 Operation ID: {0,579911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,579876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,579838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,579795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1676 Operation ID: {0,579750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar274.tmp Handle ID: 3636 Operation ID: {0,579725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab273.tmp Handle ID: 3636 Operation ID: {0,579720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar274.tmp Handle ID: 3636 Operation ID: {0,579713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar274.tmp Handle ID: 1676 Operation ID: {0,579700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab273.tmp Handle ID: 3636 Operation ID: {0,579697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab273.tmp Handle ID: 3428 Operation ID: {0,579696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab273.tmp Handle ID: 3428 Operation ID: {0,579687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar274.tmp Handle ID: 3428 Operation ID: {0,579684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab273.tmp Handle ID: 3428 Operation ID: {0,579680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,579627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,579563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar272.tmp Handle ID: 3516 Operation ID: {0,579525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab271.tmp Handle ID: 3516 Operation ID: {0,579516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar272.tmp Handle ID: 3516 Operation ID: {0,579509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar272.tmp Handle ID: 3636 Operation ID: {0,579492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab271.tmp Handle ID: 3516 Operation ID: {0,579487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab271.tmp Handle ID: 3608 Operation ID: {0,579486} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab271.tmp Handle ID: 3608 Operation ID: {0,579475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar272.tmp Handle ID: 3608 Operation ID: {0,579472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab271.tmp Handle ID: 3608 Operation ID: {0,579466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,579431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,579393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,579350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar270.tmp Handle ID: 3608 Operation ID: {0,579314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26F.tmp Handle ID: 3608 Operation ID: {0,579305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar270.tmp Handle ID: 3608 Operation ID: {0,579296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar270.tmp Handle ID: 3428 Operation ID: {0,579283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26F.tmp Handle ID: 3608 Operation ID: {0,579276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26F.tmp Handle ID: 3576 Operation ID: {0,579275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26F.tmp Handle ID: 3576 Operation ID: {0,579266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar270.tmp Handle ID: 3576 Operation ID: {0,579259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26F.tmp Handle ID: 3576 Operation ID: {0,579255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,579202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,579060} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26E.tmp Handle ID: 2576 Operation ID: {0,579019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26D.tmp Handle ID: 2576 Operation ID: {0,579010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26E.tmp Handle ID: 2576 Operation ID: {0,579003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26E.tmp Handle ID: 1676 Operation ID: {0,578986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26D.tmp Handle ID: 2576 Operation ID: {0,578981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26D.tmp Handle ID: 3428 Operation ID: {0,578980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26D.tmp Handle ID: 3428 Operation ID: {0,578969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26E.tmp Handle ID: 3428 Operation ID: {0,578966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26D.tmp Handle ID: 3428 Operation ID: {0,578960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1676 Operation ID: {0,578927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1676 Operation ID: {0,578891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1676 Operation ID: {0,578850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26C.tmp Handle ID: 3532 Operation ID: {0,578786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26B.tmp Handle ID: 3532 Operation ID: {0,578777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26C.tmp Handle ID: 3532 Operation ID: {0,578770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26C.tmp Handle ID: 1676 Operation ID: {0,578753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26B.tmp Handle ID: 3532 Operation ID: {0,578748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26B.tmp Handle ID: 3592 Operation ID: {0,578747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26B.tmp Handle ID: 3592 Operation ID: {0,578736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26C.tmp Handle ID: 3592 Operation ID: {0,578733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab26B.tmp Handle ID: 3592 Operation ID: {0,578729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,578676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,578613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26A.tmp Handle ID: 3592 Operation ID: {0,578576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab269.tmp Handle ID: 3592 Operation ID: {0,578567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26A.tmp Handle ID: 3592 Operation ID: {0,578560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26A.tmp Handle ID: 3532 Operation ID: {0,578543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab269.tmp Handle ID: 3592 Operation ID: {0,578538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab269.tmp Handle ID: 2544 Operation ID: {0,578537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab269.tmp Handle ID: 2544 Operation ID: {0,578526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26A.tmp Handle ID: 2544 Operation ID: {0,578523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab269.tmp Handle ID: 2544 Operation ID: {0,578517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,578482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,578444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,578401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,578356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar268.tmp Handle ID: 2544 Operation ID: {0,578327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab267.tmp Handle ID: 2544 Operation ID: {0,578318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar268.tmp Handle ID: 2544 Operation ID: {0,578309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar268.tmp Handle ID: 3576 Operation ID: {0,578296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab267.tmp Handle ID: 2544 Operation ID: {0,578289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab267.tmp Handle ID: 3516 Operation ID: {0,578288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab267.tmp Handle ID: 3516 Operation ID: {0,578279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar268.tmp Handle ID: 3516 Operation ID: {0,578274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab267.tmp Handle ID: 3516 Operation ID: {0,578270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,578217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,578154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar266.tmp Handle ID: 3516 Operation ID: {0,578118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab265.tmp Handle ID: 3516 Operation ID: {0,578109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar266.tmp Handle ID: 3516 Operation ID: {0,578102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar266.tmp Handle ID: 2544 Operation ID: {0,578087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab265.tmp Handle ID: 3516 Operation ID: {0,578080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab265.tmp Handle ID: 3524 Operation ID: {0,578079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab265.tmp Handle ID: 3524 Operation ID: {0,578070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar266.tmp Handle ID: 3524 Operation ID: {0,578063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab265.tmp Handle ID: 3524 Operation ID: {0,578059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,578024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,577986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,577897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar264.tmp Handle ID: 2544 Operation ID: {0,577866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab263.tmp Handle ID: 2544 Operation ID: {0,577857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar264.tmp Handle ID: 2544 Operation ID: {0,577850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar264.tmp Handle ID: 3640 Operation ID: {0,577833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab263.tmp Handle ID: 2544 Operation ID: {0,577828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab263.tmp Handle ID: 1676 Operation ID: {0,577827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab263.tmp Handle ID: 1676 Operation ID: {0,577816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar264.tmp Handle ID: 1676 Operation ID: {0,577813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab263.tmp Handle ID: 1676 Operation ID: {0,577807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar262.tmp Handle ID: 3524 Operation ID: {0,577655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab261.tmp Handle ID: 3524 Operation ID: {0,577646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar262.tmp Handle ID: 3524 Operation ID: {0,577639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar262.tmp Handle ID: 2544 Operation ID: {0,577624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab261.tmp Handle ID: 3524 Operation ID: {0,577617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab261.tmp Handle ID: 3532 Operation ID: {0,577616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab261.tmp Handle ID: 3532 Operation ID: {0,577607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar262.tmp Handle ID: 3532 Operation ID: {0,577602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab261.tmp Handle ID: 3532 Operation ID: {0,577596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,577561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,577523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1676 Operation ID: {0,577435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar260.tmp Handle ID: 3532 Operation ID: {0,577404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25F.tmp Handle ID: 3532 Operation ID: {0,577395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar260.tmp Handle ID: 3532 Operation ID: {0,577388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar260.tmp Handle ID: 1676 Operation ID: {0,577371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25F.tmp Handle ID: 3532 Operation ID: {0,577366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25F.tmp Handle ID: 3576 Operation ID: {0,577365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25F.tmp Handle ID: 3576 Operation ID: {0,577354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar260.tmp Handle ID: 3576 Operation ID: {0,577351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25F.tmp Handle ID: 3576 Operation ID: {0,577345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25E.tmp Handle ID: 3576 Operation ID: {0,577194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25D.tmp Handle ID: 3576 Operation ID: {0,577185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25E.tmp Handle ID: 3576 Operation ID: {0,577178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25E.tmp Handle ID: 3532 Operation ID: {0,577161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25D.tmp Handle ID: 3576 Operation ID: {0,577156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25D.tmp Handle ID: 3516 Operation ID: {0,577155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25D.tmp Handle ID: 3516 Operation ID: {0,577144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25E.tmp Handle ID: 3516 Operation ID: {0,577141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25D.tmp Handle ID: 3516 Operation ID: {0,577135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,577100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,577062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,577019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25C.tmp Handle ID: 3516 Operation ID: {0,576982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25B.tmp Handle ID: 3516 Operation ID: {0,576973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25C.tmp Handle ID: 3516 Operation ID: {0,576966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25C.tmp Handle ID: 3592 Operation ID: {0,576951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25B.tmp Handle ID: 3516 Operation ID: {0,576944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25B.tmp Handle ID: 3640 Operation ID: {0,576943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25B.tmp Handle ID: 3640 Operation ID: {0,576934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25C.tmp Handle ID: 3640 Operation ID: {0,576929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25B.tmp Handle ID: 3640 Operation ID: {0,576923} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,576870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,576807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25A.tmp Handle ID: 2544 Operation ID: {0,576767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab259.tmp Handle ID: 2544 Operation ID: {0,576758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25A.tmp Handle ID: 2544 Operation ID: {0,576751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25A.tmp Handle ID: 3516 Operation ID: {0,576734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab259.tmp Handle ID: 2544 Operation ID: {0,576729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab259.tmp Handle ID: 3576 Operation ID: {0,576728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab259.tmp Handle ID: 3576 Operation ID: {0,576717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar25A.tmp Handle ID: 3576 Operation ID: {0,576714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab259.tmp Handle ID: 3576 Operation ID: {0,576708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,576675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,576641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,576602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar258.tmp Handle ID: 3612 Operation ID: {0,575927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab257.tmp Handle ID: 3612 Operation ID: {0,575918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar258.tmp Handle ID: 3612 Operation ID: {0,575909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar258.tmp Handle ID: 3640 Operation ID: {0,575896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab257.tmp Handle ID: 3612 Operation ID: {0,575889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab257.tmp Handle ID: 3524 Operation ID: {0,575888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab257.tmp Handle ID: 3524 Operation ID: {0,575879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar258.tmp Handle ID: 3524 Operation ID: {0,575874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab257.tmp Handle ID: 3524 Operation ID: {0,575868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,575815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,575752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar256.tmp Handle ID: 3640 Operation ID: {0,575714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab255.tmp Handle ID: 3640 Operation ID: {0,575705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar256.tmp Handle ID: 3640 Operation ID: {0,575698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar256.tmp Handle ID: 3524 Operation ID: {0,575681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab255.tmp Handle ID: 3640 Operation ID: {0,575676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab255.tmp Handle ID: 3576 Operation ID: {0,575675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab255.tmp Handle ID: 3576 Operation ID: {0,575664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar256.tmp Handle ID: 3576 Operation ID: {0,575657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab255.tmp Handle ID: 3576 Operation ID: {0,575653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,575624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,575586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,575543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1676 Operation ID: {0,575500} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar254.tmp Handle ID: 3524 Operation ID: {0,575470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab253.tmp Handle ID: 3524 Operation ID: {0,575461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar254.tmp Handle ID: 3524 Operation ID: {0,575452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar254.tmp Handle ID: 1676 Operation ID: {0,575439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab253.tmp Handle ID: 3524 Operation ID: {0,575432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab253.tmp Handle ID: 2544 Operation ID: {0,575431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab253.tmp Handle ID: 2544 Operation ID: {0,575422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar254.tmp Handle ID: 2544 Operation ID: {0,575417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab253.tmp Handle ID: 2544 Operation ID: {0,575413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,575360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,575299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar252.tmp Handle ID: 3576 Operation ID: {0,575263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab251.tmp Handle ID: 3576 Operation ID: {0,575250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar252.tmp Handle ID: 3576 Operation ID: {0,575247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar252.tmp Handle ID: 3524 Operation ID: {0,575230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab251.tmp Handle ID: 3576 Operation ID: {0,575225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab251.tmp Handle ID: 3464 Operation ID: {0,575224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab251.tmp Handle ID: 3464 Operation ID: {0,575213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar252.tmp Handle ID: 3464 Operation ID: {0,575210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab251.tmp Handle ID: 3464 Operation ID: {0,575204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,575169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,575131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,575088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,575043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar250.tmp Handle ID: 3464 Operation ID: {0,575014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24F.tmp Handle ID: 3464 Operation ID: {0,575007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar250.tmp Handle ID: 3464 Operation ID: {0,575004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar250.tmp Handle ID: 2544 Operation ID: {0,574987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24F.tmp Handle ID: 3464 Operation ID: {0,574984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24F.tmp Handle ID: 3612 Operation ID: {0,574983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24F.tmp Handle ID: 3612 Operation ID: {0,574972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar250.tmp Handle ID: 3612 Operation ID: {0,574971} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24F.tmp Handle ID: 3612 Operation ID: {0,574967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24E.tmp Handle ID: 2544 Operation ID: {0,574812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24D.tmp Handle ID: 2544 Operation ID: {0,574803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24E.tmp Handle ID: 2544 Operation ID: {0,574796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24E.tmp Handle ID: 3612 Operation ID: {0,574779} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24D.tmp Handle ID: 2544 Operation ID: {0,574774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24D.tmp Handle ID: 3640 Operation ID: {0,574773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24D.tmp Handle ID: 3640 Operation ID: {0,574762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24E.tmp Handle ID: 3640 Operation ID: {0,574755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24D.tmp Handle ID: 3640 Operation ID: {0,574751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3612 Operation ID: {0,574722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3612 Operation ID: {0,574686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,574598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24C.tmp Handle ID: 3612 Operation ID: {0,574573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24B.tmp Handle ID: 3612 Operation ID: {0,574572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24C.tmp Handle ID: 3612 Operation ID: {0,574571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24C.tmp Handle ID: 3516 Operation ID: {0,574570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24B.tmp Handle ID: 3612 Operation ID: {0,574569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24B.tmp Handle ID: 1676 Operation ID: {0,574568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24B.tmp Handle ID: 1676 Operation ID: {0,574565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24C.tmp Handle ID: 1676 Operation ID: {0,574564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab24B.tmp Handle ID: 1676 Operation ID: {0,574560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24A.tmp Handle ID: 3640 Operation ID: {0,574408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab249.tmp Handle ID: 3640 Operation ID: {0,574399} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24A.tmp Handle ID: 3640 Operation ID: {0,574392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24A.tmp Handle ID: 3612 Operation ID: {0,574375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab249.tmp Handle ID: 3640 Operation ID: {0,574370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab249.tmp Handle ID: 3524 Operation ID: {0,574369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab249.tmp Handle ID: 3524 Operation ID: {0,574360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24A.tmp Handle ID: 3524 Operation ID: {0,574355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab249.tmp Handle ID: 3524 Operation ID: {0,574349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3612 Operation ID: {0,574314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3612 Operation ID: {0,574276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar248.tmp Handle ID: 3524 Operation ID: {0,574199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab247.tmp Handle ID: 3524 Operation ID: {0,574192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar248.tmp Handle ID: 3524 Operation ID: {0,574189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar248.tmp Handle ID: 1676 Operation ID: {0,574176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab247.tmp Handle ID: 3524 Operation ID: {0,574173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab247.tmp Handle ID: 3464 Operation ID: {0,574172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab247.tmp Handle ID: 3464 Operation ID: {0,574161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar248.tmp Handle ID: 3464 Operation ID: {0,574156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab247.tmp Handle ID: 3464 Operation ID: {0,574152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,574034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar246.tmp Handle ID: 1676 Operation ID: {0,573996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab245.tmp Handle ID: 1676 Operation ID: {0,573987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar246.tmp Handle ID: 1676 Operation ID: {0,573980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1676 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1676 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar246.tmp Handle ID: 3464 Operation ID: {0,573963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab245.tmp Handle ID: 1676 Operation ID: {0,573958} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab245.tmp Handle ID: 2544 Operation ID: {0,573957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab245.tmp Handle ID: 2544 Operation ID: {0,573946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar246.tmp Handle ID: 2544 Operation ID: {0,573943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab245.tmp Handle ID: 2544 Operation ID: {0,573937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3464 Operation ID: {0,573904} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3464 Operation ID: {0,573870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3464 Operation ID: {0,573829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar244.tmp Handle ID: 3428 Operation ID: {0,573671} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab243.tmp Handle ID: 3428 Operation ID: {0,573666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar244.tmp Handle ID: 3428 Operation ID: {0,573663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar244.tmp Handle ID: 3472 Operation ID: {0,573650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab243.tmp Handle ID: 3428 Operation ID: {0,573647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab243.tmp Handle ID: 3624 Operation ID: {0,573646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab243.tmp Handle ID: 3624 Operation ID: {0,573637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar244.tmp Handle ID: 3624 Operation ID: {0,573632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab243.tmp Handle ID: 3624 Operation ID: {0,573628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,573575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,573512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar242.tmp Handle ID: 3464 Operation ID: {0,573478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab241.tmp Handle ID: 3464 Operation ID: {0,573473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar242.tmp Handle ID: 3464 Operation ID: {0,573470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar242.tmp Handle ID: 3428 Operation ID: {0,573455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab241.tmp Handle ID: 3464 Operation ID: {0,573452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab241.tmp Handle ID: 3516 Operation ID: {0,573451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab241.tmp Handle ID: 3516 Operation ID: {0,573442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar242.tmp Handle ID: 3516 Operation ID: {0,573441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab241.tmp Handle ID: 3516 Operation ID: {0,573435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,573400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,573362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,573319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,573036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar240.tmp Handle ID: 3516 Operation ID: {0,573009} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23F.tmp Handle ID: 3516 Operation ID: {0,573006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar240.tmp Handle ID: 3516 Operation ID: {0,573001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar240.tmp Handle ID: 3624 Operation ID: {0,572990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23F.tmp Handle ID: 3516 Operation ID: {0,572987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23F.tmp Handle ID: 3576 Operation ID: {0,572986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23F.tmp Handle ID: 3576 Operation ID: {0,572975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar240.tmp Handle ID: 3576 Operation ID: {0,572973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23F.tmp Handle ID: 3576 Operation ID: {0,572967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,572800} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:27 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:27 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,569347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23E.tmp Handle ID: 3624 Operation ID: {0,569309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23D.tmp Handle ID: 3624 Operation ID: {0,569300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23E.tmp Handle ID: 3624 Operation ID: {0,569293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23E.tmp Handle ID: 3576 Operation ID: {0,569276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23D.tmp Handle ID: 3624 Operation ID: {0,569271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23D.tmp Handle ID: 3612 Operation ID: {0,569270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23D.tmp Handle ID: 3612 Operation ID: {0,569259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23E.tmp Handle ID: 3612 Operation ID: {0,569256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23D.tmp Handle ID: 3612 Operation ID: {0,569250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,569215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,569177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,569134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,569088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23C.tmp Handle ID: 3576 Operation ID: {0,569059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23B.tmp Handle ID: 3576 Operation ID: {0,569056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23C.tmp Handle ID: 3576 Operation ID: {0,569053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23C.tmp Handle ID: 2576 Operation ID: {0,569038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23B.tmp Handle ID: 3576 Operation ID: {0,569035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23B.tmp Handle ID: 3472 Operation ID: {0,569034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23B.tmp Handle ID: 3472 Operation ID: {0,569023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23C.tmp Handle ID: 3472 Operation ID: {0,569018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23B.tmp Handle ID: 3472 Operation ID: {0,569014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,568961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,568898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23A.tmp Handle ID: 3612 Operation ID: {0,568863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab239.tmp Handle ID: 3612 Operation ID: {0,568858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23A.tmp Handle ID: 3612 Operation ID: {0,568853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23A.tmp Handle ID: 3576 Operation ID: {0,568840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab239.tmp Handle ID: 3612 Operation ID: {0,568837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab239.tmp Handle ID: 3428 Operation ID: {0,568836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab239.tmp Handle ID: 3428 Operation ID: {0,568825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar23A.tmp Handle ID: 3428 Operation ID: {0,568820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab239.tmp Handle ID: 3428 Operation ID: {0,568816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,568781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,568743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,568700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,568651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar238.tmp Handle ID: 3428 Operation ID: {0,568620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab237.tmp Handle ID: 3428 Operation ID: {0,568619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar238.tmp Handle ID: 3428 Operation ID: {0,568618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar238.tmp Handle ID: 3472 Operation ID: {0,568617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab237.tmp Handle ID: 3428 Operation ID: {0,568616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab237.tmp Handle ID: 3516 Operation ID: {0,568615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab237.tmp Handle ID: 3516 Operation ID: {0,568612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar238.tmp Handle ID: 3516 Operation ID: {0,568609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab237.tmp Handle ID: 3516 Operation ID: {0,568605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,568552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,568489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar236.tmp Handle ID: 3472 Operation ID: {0,568455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab235.tmp Handle ID: 3472 Operation ID: {0,568450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar236.tmp Handle ID: 3472 Operation ID: {0,568445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar236.tmp Handle ID: 3516 Operation ID: {0,568432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab235.tmp Handle ID: 3472 Operation ID: {0,568429} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab235.tmp Handle ID: 3624 Operation ID: {0,568428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab235.tmp Handle ID: 3624 Operation ID: {0,568417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar236.tmp Handle ID: 3624 Operation ID: {0,568412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab235.tmp Handle ID: 3624 Operation ID: {0,568408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,568373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,568335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,568292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar234.tmp Handle ID: 3516 Operation ID: {0,568181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab233.tmp Handle ID: 3516 Operation ID: {0,568176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar234.tmp Handle ID: 3516 Operation ID: {0,568173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar234.tmp Handle ID: 3464 Operation ID: {0,568160} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab233.tmp Handle ID: 3516 Operation ID: {0,568157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab233.tmp Handle ID: 2576 Operation ID: {0,568156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab233.tmp Handle ID: 2576 Operation ID: {0,568147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar234.tmp Handle ID: 2576 Operation ID: {0,568142} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab233.tmp Handle ID: 2576 Operation ID: {0,568138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,568085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,568020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar232.tmp Handle ID: 3624 Operation ID: {0,567986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab231.tmp Handle ID: 3624 Operation ID: {0,567981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar232.tmp Handle ID: 3624 Operation ID: {0,567976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar232.tmp Handle ID: 3516 Operation ID: {0,567963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab231.tmp Handle ID: 3624 Operation ID: {0,567960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab231.tmp Handle ID: 3576 Operation ID: {0,567959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab231.tmp Handle ID: 3576 Operation ID: {0,567950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar232.tmp Handle ID: 3576 Operation ID: {0,567945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab231.tmp Handle ID: 3576 Operation ID: {0,567941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,567906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,567868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,567827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar230.tmp Handle ID: 3548 Operation ID: {0,567763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22F.tmp Handle ID: 3548 Operation ID: {0,567762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar230.tmp Handle ID: 3548 Operation ID: {0,567761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar230.tmp Handle ID: 3516 Operation ID: {0,567760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22F.tmp Handle ID: 3548 Operation ID: {0,567757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22F.tmp Handle ID: 3592 Operation ID: {0,567756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22F.tmp Handle ID: 3592 Operation ID: {0,567745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar230.tmp Handle ID: 3592 Operation ID: {0,567742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22F.tmp Handle ID: 3592 Operation ID: {0,567738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,567685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,567621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22E.tmp Handle ID: 3516 Operation ID: {0,567589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22D.tmp Handle ID: 3516 Operation ID: {0,567584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22E.tmp Handle ID: 3516 Operation ID: {0,567581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22E.tmp Handle ID: 3592 Operation ID: {0,567568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22D.tmp Handle ID: 3516 Operation ID: {0,567565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22D.tmp Handle ID: 3536 Operation ID: {0,567564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22D.tmp Handle ID: 3536 Operation ID: {0,567553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22E.tmp Handle ID: 3536 Operation ID: {0,567550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22D.tmp Handle ID: 3536 Operation ID: {0,567546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,567511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,567473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,567430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,567385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22C.tmp Handle ID: 3592 Operation ID: {0,567356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22B.tmp Handle ID: 3592 Operation ID: {0,567353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22C.tmp Handle ID: 3592 Operation ID: {0,567348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22C.tmp Handle ID: 3428 Operation ID: {0,567335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22B.tmp Handle ID: 3592 Operation ID: {0,567332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22B.tmp Handle ID: 3472 Operation ID: {0,567331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22B.tmp Handle ID: 3472 Operation ID: {0,567322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22C.tmp Handle ID: 3472 Operation ID: {0,567321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab22B.tmp Handle ID: 3472 Operation ID: {0,567315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,567262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,567199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22A.tmp Handle ID: 3536 Operation ID: {0,567161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab229.tmp Handle ID: 3536 Operation ID: {0,567156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22A.tmp Handle ID: 3536 Operation ID: {0,567151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22A.tmp Handle ID: 3592 Operation ID: {0,567138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab229.tmp Handle ID: 3536 Operation ID: {0,567135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab229.tmp Handle ID: 2544 Operation ID: {0,567134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab229.tmp Handle ID: 2544 Operation ID: {0,567123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22A.tmp Handle ID: 2544 Operation ID: {0,567118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab229.tmp Handle ID: 2544 Operation ID: {0,567114} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,567079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,567041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,566953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar228.tmp Handle ID: 2544 Operation ID: {0,566922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab227.tmp Handle ID: 2544 Operation ID: {0,566917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar228.tmp Handle ID: 2544 Operation ID: {0,566914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar228.tmp Handle ID: 3472 Operation ID: {0,566901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab227.tmp Handle ID: 2544 Operation ID: {0,566898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab227.tmp Handle ID: 3548 Operation ID: {0,566897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab227.tmp Handle ID: 3548 Operation ID: {0,566886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar228.tmp Handle ID: 3548 Operation ID: {0,566883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab227.tmp Handle ID: 3548 Operation ID: {0,566879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar226.tmp Handle ID: 3472 Operation ID: {0,566730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab225.tmp Handle ID: 3472 Operation ID: {0,566725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar226.tmp Handle ID: 3472 Operation ID: {0,566722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar226.tmp Handle ID: 3548 Operation ID: {0,566709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab225.tmp Handle ID: 3472 Operation ID: {0,566706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab225.tmp Handle ID: 3516 Operation ID: {0,566705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab225.tmp Handle ID: 3516 Operation ID: {0,566694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar226.tmp Handle ID: 3516 Operation ID: {0,566691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab225.tmp Handle ID: 3516 Operation ID: {0,566687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3548 Operation ID: {0,566652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3548 Operation ID: {0,566614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,566526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar224.tmp Handle ID: 3548 Operation ID: {0,566501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab223.tmp Handle ID: 3548 Operation ID: {0,566496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar224.tmp Handle ID: 3548 Operation ID: {0,566493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar224.tmp Handle ID: 2576 Operation ID: {0,566480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab223.tmp Handle ID: 3548 Operation ID: {0,566477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab223.tmp Handle ID: 3428 Operation ID: {0,566476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab223.tmp Handle ID: 3428 Operation ID: {0,566467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar224.tmp Handle ID: 3428 Operation ID: {0,566462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab223.tmp Handle ID: 3428 Operation ID: {0,566458} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar222.tmp Handle ID: 3516 Operation ID: {0,566306} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab221.tmp Handle ID: 3516 Operation ID: {0,566301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar222.tmp Handle ID: 3516 Operation ID: {0,566296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar222.tmp Handle ID: 3548 Operation ID: {0,566283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab221.tmp Handle ID: 3516 Operation ID: {0,566282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab221.tmp Handle ID: 3592 Operation ID: {0,566281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab221.tmp Handle ID: 3592 Operation ID: {0,566272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar222.tmp Handle ID: 3592 Operation ID: {0,566269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab221.tmp Handle ID: 3592 Operation ID: {0,566267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3548 Operation ID: {0,566232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3548 Operation ID: {0,566194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar220.tmp Handle ID: 3592 Operation ID: {0,566117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21F.tmp Handle ID: 3592 Operation ID: {0,566112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar220.tmp Handle ID: 3592 Operation ID: {0,566109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar220.tmp Handle ID: 3428 Operation ID: {0,566098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21F.tmp Handle ID: 3592 Operation ID: {0,566095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21F.tmp Handle ID: 2544 Operation ID: {0,566094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21F.tmp Handle ID: 2544 Operation ID: {0,566085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar220.tmp Handle ID: 2544 Operation ID: {0,566082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21F.tmp Handle ID: 2544 Operation ID: {0,566078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,566025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,565964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21E.tmp Handle ID: 3428 Operation ID: {0,565934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21D.tmp Handle ID: 3428 Operation ID: {0,565931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21E.tmp Handle ID: 3428 Operation ID: {0,565926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21E.tmp Handle ID: 2544 Operation ID: {0,565917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21D.tmp Handle ID: 3428 Operation ID: {0,565916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21D.tmp Handle ID: 3472 Operation ID: {0,565915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21D.tmp Handle ID: 3472 Operation ID: {0,565906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21E.tmp Handle ID: 3472 Operation ID: {0,565903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21D.tmp Handle ID: 3472 Operation ID: {0,565901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,565866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,565828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,565787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21C.tmp Handle ID: 3636 Operation ID: {0,565736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21B.tmp Handle ID: 3636 Operation ID: {0,565731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21C.tmp Handle ID: 3636 Operation ID: {0,565726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21C.tmp Handle ID: 3596 Operation ID: {0,565713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21B.tmp Handle ID: 3636 Operation ID: {0,565710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21B.tmp Handle ID: 3324 Operation ID: {0,565709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21B.tmp Handle ID: 3324 Operation ID: {0,565698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21C.tmp Handle ID: 3324 Operation ID: {0,565697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21B.tmp Handle ID: 3324 Operation ID: {0,565693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,565640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,565575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21A.tmp Handle ID: 3608 Operation ID: {0,565537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab219.tmp Handle ID: 3608 Operation ID: {0,565528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21A.tmp Handle ID: 3608 Operation ID: {0,565521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21A.tmp Handle ID: 3636 Operation ID: {0,565504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab219.tmp Handle ID: 3608 Operation ID: {0,565501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab219.tmp Handle ID: 3640 Operation ID: {0,565498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab219.tmp Handle ID: 3640 Operation ID: {0,565487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar21A.tmp Handle ID: 3640 Operation ID: {0,565484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab219.tmp Handle ID: 3640 Operation ID: {0,565478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,565443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,565405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:26 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:26 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,565362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,565317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar218.tmp Handle ID: 3640 Operation ID: {0,565288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab217.tmp Handle ID: 3640 Operation ID: {0,565279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar218.tmp Handle ID: 3640 Operation ID: {0,565270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar218.tmp Handle ID: 3324 Operation ID: {0,565252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab217.tmp Handle ID: 3640 Operation ID: {0,565245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab217.tmp Handle ID: 3524 Operation ID: {0,565244} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab217.tmp Handle ID: 3524 Operation ID: {0,565235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar218.tmp Handle ID: 3524 Operation ID: {0,565228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab217.tmp Handle ID: 3524 Operation ID: {0,565224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,565171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,565108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar216.tmp Handle ID: 3324 Operation ID: {0,565070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab215.tmp Handle ID: 3324 Operation ID: {0,565061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar216.tmp Handle ID: 3324 Operation ID: {0,565054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar216.tmp Handle ID: 3524 Operation ID: {0,565037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab215.tmp Handle ID: 3324 Operation ID: {0,565032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab215.tmp Handle ID: 3608 Operation ID: {0,565031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab215.tmp Handle ID: 3608 Operation ID: {0,565020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar216.tmp Handle ID: 3608 Operation ID: {0,565017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab215.tmp Handle ID: 3608 Operation ID: {0,565011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,564976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,564938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,564895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,564849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar214.tmp Handle ID: 3524 Operation ID: {0,564824} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab213.tmp Handle ID: 3524 Operation ID: {0,564823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar214.tmp Handle ID: 3524 Operation ID: {0,564822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar214.tmp Handle ID: 3624 Operation ID: {0,564821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab213.tmp Handle ID: 3524 Operation ID: {0,564820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab213.tmp Handle ID: 3332 Operation ID: {0,564819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab213.tmp Handle ID: 3332 Operation ID: {0,564816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar214.tmp Handle ID: 3332 Operation ID: {0,564815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab213.tmp Handle ID: 3332 Operation ID: {0,564809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,564756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,564693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar212.tmp Handle ID: 3564 Operation ID: {0,564650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab211.tmp Handle ID: 3564 Operation ID: {0,564641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar212.tmp Handle ID: 3564 Operation ID: {0,564634} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar212.tmp Handle ID: 3576 Operation ID: {0,564617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab211.tmp Handle ID: 3564 Operation ID: {0,564612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab211.tmp Handle ID: 3332 Operation ID: {0,564611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3560 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3560 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab211.tmp Handle ID: 3560 Operation ID: {0,564593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar212.tmp Handle ID: 3576 Operation ID: {0,564587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab211.tmp Handle ID: 3576 Operation ID: {0,564511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar210.tmp Handle ID: 3576 Operation ID: {0,564560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20F.tmp Handle ID: 3576 Operation ID: {0,564551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar210.tmp Handle ID: 3576 Operation ID: {0,564544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar210.tmp Handle ID: 3640 Operation ID: {0,564529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20F.tmp Handle ID: 3576 Operation ID: {0,564522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20F.tmp Handle ID: 3608 Operation ID: {0,564521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20F.tmp Handle ID: 3608 Operation ID: {0,564512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,564476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar210.tmp Handle ID: 3624 Operation ID: {0,564436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3640 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20F.tmp Handle ID: 3624 Operation ID: {0,564430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3640 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3640 Operation ID: {0,564425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,564355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,564329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3600 Operation ID: {0,564284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20E.tmp Handle ID: 3348 Operation ID: {0,564235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20D.tmp Handle ID: 3348 Operation ID: {0,564226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20E.tmp Handle ID: 3348 Operation ID: {0,564217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3604 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20E.tmp Handle ID: 3596 Operation ID: {0,564200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3604 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20D.tmp Handle ID: 3348 Operation ID: {0,564196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20D.tmp Handle ID: 3604 Operation ID: {0,564195} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20D.tmp Handle ID: 3612 Operation ID: {0,564178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20E.tmp Handle ID: 3612 Operation ID: {0,564177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20D.tmp Handle ID: 3612 Operation ID: {0,564170} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3632 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3632 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3632 Operation ID: {0,564020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,564021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20C.tmp Handle ID: 3616 Operation ID: {0,563979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20B.tmp Handle ID: 3616 Operation ID: {0,563974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20C.tmp Handle ID: 3616 Operation ID: {0,563969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20C.tmp Handle ID: 3600 Operation ID: {0,563954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20B.tmp Handle ID: 3616 Operation ID: {0,563951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20B.tmp Handle ID: 3544 Operation ID: {0,563950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20B.tmp Handle ID: 3544 Operation ID: {0,563941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,563889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20C.tmp Handle ID: 3612 Operation ID: {0,563880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab20B.tmp Handle ID: 3612 Operation ID: {0,563876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,563841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,563803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3596 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3596 Operation ID: {0,563760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20A.tmp Handle ID: 3500 Operation ID: {0,563719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab209.tmp Handle ID: 3500 Operation ID: {0,563708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20A.tmp Handle ID: 3500 Operation ID: {0,563705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20A.tmp Handle ID: 3580 Operation ID: {0,563672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab209.tmp Handle ID: 3500 Operation ID: {0,563654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab209.tmp Handle ID: 3324 Operation ID: {0,563652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,563644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab209.tmp Handle ID: 3588 Operation ID: {0,563635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20A.tmp Handle ID: 3588 Operation ID: {0,563617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar208.tmp Handle ID: 3588 Operation ID: {0,563608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab209.tmp Handle ID: 3588 Operation ID: {0,563597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab207.tmp Handle ID: 3588 Operation ID: {0,563602} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar208.tmp Handle ID: 3588 Operation ID: {0,563600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3612 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,563558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3612 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar208.tmp Handle ID: 3612 Operation ID: {0,563530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab207.tmp Handle ID: 3588 Operation ID: {0,563528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab207.tmp Handle ID: 3572 Operation ID: {0,563525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab207.tmp Handle ID: 3572 Operation ID: {0,563512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar208.tmp Handle ID: 3572 Operation ID: {0,563504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab207.tmp Handle ID: 3580 Operation ID: {0,563498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,563493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3636 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3636 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3636 Operation ID: {0,563408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,563401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar206.tmp Handle ID: 3608 Operation ID: {0,563360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab205.tmp Handle ID: 3608 Operation ID: {0,563349} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar206.tmp Handle ID: 3608 Operation ID: {0,563344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3608 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3596 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3596 Operation ID: {0,563282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3608 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar206.tmp Handle ID: 3500 Operation ID: {0,563267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab205.tmp Handle ID: 3608 Operation ID: {0,563264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab205.tmp Handle ID: 3588 Operation ID: {0,563263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab205.tmp Handle ID: 3588 Operation ID: {0,563254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar206.tmp Handle ID: 3588 Operation ID: {0,563249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab205.tmp Handle ID: 3588 Operation ID: {0,563243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,563190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar204.tmp Handle ID: 3616 Operation ID: {0,563155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab203.tmp Handle ID: 3616 Operation ID: {0,563150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar204.tmp Handle ID: 3616 Operation ID: {0,563147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3616 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3616 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar204.tmp Handle ID: 3324 Operation ID: {0,563134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab203.tmp Handle ID: 3616 Operation ID: {0,563129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab203.tmp Handle ID: 3520 Operation ID: {0,563128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab203.tmp Handle ID: 3520 Operation ID: {0,563119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar204.tmp Handle ID: 3520 Operation ID: {0,563116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab203.tmp Handle ID: 3520 Operation ID: {0,563112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,563077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,563034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,562984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,562933} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar202.tmp Handle ID: 3500 Operation ID: {0,562894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab201.tmp Handle ID: 3500 Operation ID: {0,562889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar202.tmp Handle ID: 3500 Operation ID: {0,562886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar202.tmp Handle ID: 3576 Operation ID: {0,562855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab201.tmp Handle ID: 3500 Operation ID: {0,562853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab201.tmp Handle ID: 3324 Operation ID: {0,562850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab201.tmp Handle ID: 3580 Operation ID: {0,562816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,562823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar202.tmp Handle ID: 3572 Operation ID: {0,562815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab201.tmp Handle ID: 3572 Operation ID: {0,562804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,562758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar200.tmp Handle ID: 3324 Operation ID: {0,562733} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FF.tmp Handle ID: 3324 Operation ID: {0,562728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar200.tmp Handle ID: 3324 Operation ID: {0,562721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,562691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar200.tmp Handle ID: 3576 Operation ID: {0,562648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FF.tmp Handle ID: 3324 Operation ID: {0,562647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FF.tmp Handle ID: 3580 Operation ID: {0,562646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,562639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FF.tmp Handle ID: 3324 Operation ID: {0,562636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar200.tmp Handle ID: 3348 Operation ID: {0,562632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FF.tmp Handle ID: 3572 Operation ID: {0,562627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,562563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,562491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FE.tmp Handle ID: 3580 Operation ID: {0,562457} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FD.tmp Handle ID: 3580 Operation ID: {0,562452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FE.tmp Handle ID: 3580 Operation ID: {0,562447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FE.tmp Handle ID: 3540 Operation ID: {0,562434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FD.tmp Handle ID: 3580 Operation ID: {0,562431} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FD.tmp Handle ID: 3500 Operation ID: {0,562430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FD.tmp Handle ID: 3500 Operation ID: {0,562421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FE.tmp Handle ID: 3500 Operation ID: {0,562420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FD.tmp Handle ID: 3500 Operation ID: {0,562414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3540 Operation ID: {0,562379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3540 Operation ID: {0,562341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,562298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,562253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FC.tmp Handle ID: 3500 Operation ID: {0,562226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FB.tmp Handle ID: 3500 Operation ID: {0,562221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FC.tmp Handle ID: 3500 Operation ID: {0,562216} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FC.tmp Handle ID: 3572 Operation ID: {0,562203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FB.tmp Handle ID: 3500 Operation ID: {0,562200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FB.tmp Handle ID: 3576 Operation ID: {0,562199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FB.tmp Handle ID: 3576 Operation ID: {0,562190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FC.tmp Handle ID: 3576 Operation ID: {0,562185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1FB.tmp Handle ID: 3576 Operation ID: {0,562181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,562128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,562067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FA.tmp Handle ID: 3572 Operation ID: {0,562033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F9.tmp Handle ID: 3572 Operation ID: {0,562028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FA.tmp Handle ID: 3572 Operation ID: {0,562023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FA.tmp Handle ID: 3576 Operation ID: {0,562008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F9.tmp Handle ID: 3572 Operation ID: {0,562005} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F9.tmp Handle ID: 3524 Operation ID: {0,562004} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F9.tmp Handle ID: 3524 Operation ID: {0,561995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1FA.tmp Handle ID: 3524 Operation ID: {0,561992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F9.tmp Handle ID: 3524 Operation ID: {0,561988} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,561953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,561915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,561872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F8.tmp Handle ID: 3576 Operation ID: {0,561836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F7.tmp Handle ID: 3576 Operation ID: {0,561833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F8.tmp Handle ID: 3576 Operation ID: {0,561830} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F8.tmp Handle ID: 3544 Operation ID: {0,561819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F7.tmp Handle ID: 3576 Operation ID: {0,561816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F7.tmp Handle ID: 3348 Operation ID: {0,561815} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F7.tmp Handle ID: 3348 Operation ID: {0,561804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F8.tmp Handle ID: 3348 Operation ID: {0,561801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F7.tmp Handle ID: 3348 Operation ID: {0,561797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,561744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,561681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F6.tmp Handle ID: 3496 Operation ID: {0,561645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F5.tmp Handle ID: 3496 Operation ID: {0,561642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F6.tmp Handle ID: 3496 Operation ID: {0,561639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F6.tmp Handle ID: 3524 Operation ID: {0,561626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F5.tmp Handle ID: 3496 Operation ID: {0,561623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F5.tmp Handle ID: 3392 Operation ID: {0,561622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F5.tmp Handle ID: 3392 Operation ID: {0,561613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F6.tmp Handle ID: 3392 Operation ID: {0,561610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F5.tmp Handle ID: 3392 Operation ID: {0,561606} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,561571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,561535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,561498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F4.tmp Handle ID: 3568 Operation ID: {0,561443} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F3.tmp Handle ID: 3568 Operation ID: {0,561442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F4.tmp Handle ID: 3568 Operation ID: {0,561441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F4.tmp Handle ID: 3392 Operation ID: {0,561440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F3.tmp Handle ID: 3568 Operation ID: {0,561439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F3.tmp Handle ID: 3548 Operation ID: {0,561438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F3.tmp Handle ID: 3548 Operation ID: {0,561435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F4.tmp Handle ID: 3548 Operation ID: {0,561432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F3.tmp Handle ID: 3548 Operation ID: {0,561428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,561375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,561312} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F2.tmp Handle ID: 3540 Operation ID: {0,561272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F1.tmp Handle ID: 3540 Operation ID: {0,561259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F2.tmp Handle ID: 3540 Operation ID: {0,561256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F2.tmp Handle ID: 3568 Operation ID: {0,561239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F1.tmp Handle ID: 3540 Operation ID: {0,561234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F1.tmp Handle ID: 3348 Operation ID: {0,561233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F1.tmp Handle ID: 3348 Operation ID: {0,561222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F2.tmp Handle ID: 3348 Operation ID: {0,561219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F1.tmp Handle ID: 3348 Operation ID: {0,561213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3568 Operation ID: {0,561178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3568 Operation ID: {0,561140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,561097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3548 Operation ID: {0,561047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F0.tmp Handle ID: 3348 Operation ID: {0,561018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EF.tmp Handle ID: 3348 Operation ID: {0,561007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F0.tmp Handle ID: 3348 Operation ID: {0,561000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F0.tmp Handle ID: 3548 Operation ID: {0,560987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EF.tmp Handle ID: 3348 Operation ID: {0,560980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EF.tmp Handle ID: 3500 Operation ID: {0,560979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EF.tmp Handle ID: 3500 Operation ID: {0,560970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1F0.tmp Handle ID: 3500 Operation ID: {0,560963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EF.tmp Handle ID: 3500 Operation ID: {0,560959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,560906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,560843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EE.tmp Handle ID: 3548 Operation ID: {0,560805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1ED.tmp Handle ID: 3548 Operation ID: {0,560792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EE.tmp Handle ID: 3548 Operation ID: {0,560789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3548 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3548 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EE.tmp Handle ID: 3500 Operation ID: {0,560772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1ED.tmp Handle ID: 3548 Operation ID: {0,560767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1ED.tmp Handle ID: 3540 Operation ID: {0,560766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1ED.tmp Handle ID: 3540 Operation ID: {0,560755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EE.tmp Handle ID: 3540 Operation ID: {0,560752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1ED.tmp Handle ID: 3540 Operation ID: {0,560746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,560711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,560673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,560630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,560585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EC.tmp Handle ID: 3500 Operation ID: {0,560556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EB.tmp Handle ID: 3500 Operation ID: {0,560545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EC.tmp Handle ID: 3500 Operation ID: {0,560540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EC.tmp Handle ID: 3544 Operation ID: {0,560525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EB.tmp Handle ID: 3500 Operation ID: {0,560518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EB.tmp Handle ID: 3580 Operation ID: {0,560517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EB.tmp Handle ID: 3580 Operation ID: {0,560508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EC.tmp Handle ID: 3580 Operation ID: {0,560501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1EB.tmp Handle ID: 3580 Operation ID: {0,560497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3572 Operation ID: {0,560444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,560368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EA.tmp Handle ID: 3544 Operation ID: {0,560330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E9.tmp Handle ID: 3544 Operation ID: {0,560321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EA.tmp Handle ID: 3544 Operation ID: {0,560314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EA.tmp Handle ID: 3580 Operation ID: {0,560297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E9.tmp Handle ID: 3544 Operation ID: {0,560292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E9.tmp Handle ID: 3524 Operation ID: {0,560291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E9.tmp Handle ID: 3524 Operation ID: {0,560280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1EA.tmp Handle ID: 3524 Operation ID: {0,560277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E9.tmp Handle ID: 3524 Operation ID: {0,560269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,560236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,560198} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,560155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,560110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E8.tmp Handle ID: 3580 Operation ID: {0,560085} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E7.tmp Handle ID: 3580 Operation ID: {0,560084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E8.tmp Handle ID: 3580 Operation ID: {0,560083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E8.tmp Handle ID: 3392 Operation ID: {0,560082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E7.tmp Handle ID: 3580 Operation ID: {0,560081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E7.tmp Handle ID: 3348 Operation ID: {0,560080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E7.tmp Handle ID: 3348 Operation ID: {0,560077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E8.tmp Handle ID: 3348 Operation ID: {0,560076} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E7.tmp Handle ID: 3348 Operation ID: {0,560070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,560017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,559952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E6.tmp Handle ID: 3524 Operation ID: {0,559914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E5.tmp Handle ID: 3524 Operation ID: {0,559901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E6.tmp Handle ID: 3524 Operation ID: {0,559898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E6.tmp Handle ID: 3580 Operation ID: {0,559881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E5.tmp Handle ID: 3524 Operation ID: {0,559876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E5.tmp Handle ID: 3528 Operation ID: {0,559875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E5.tmp Handle ID: 3528 Operation ID: {0,559864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E6.tmp Handle ID: 3528 Operation ID: {0,559861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E5.tmp Handle ID: 3528 Operation ID: {0,559855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,559820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3580 Operation ID: {0,559782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,559739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E4.tmp Handle ID: 3580 Operation ID: {0,559700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E3.tmp Handle ID: 3580 Operation ID: {0,559689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E4.tmp Handle ID: 3580 Operation ID: {0,559684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E4.tmp Handle ID: 3348 Operation ID: {0,559669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E3.tmp Handle ID: 3580 Operation ID: {0,559662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E3.tmp Handle ID: 3500 Operation ID: {0,559661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E3.tmp Handle ID: 3500 Operation ID: {0,559652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E4.tmp Handle ID: 3500 Operation ID: {0,559645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E3.tmp Handle ID: 3500 Operation ID: {0,559641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,559588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3556 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3556 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3556 Operation ID: {0,559525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E2.tmp Handle ID: 3348 Operation ID: {0,559487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E1.tmp Handle ID: 3348 Operation ID: {0,559474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E2.tmp Handle ID: 3348 Operation ID: {0,559471} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E2.tmp Handle ID: 3500 Operation ID: {0,559454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E1.tmp Handle ID: 3348 Operation ID: {0,559449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E1.tmp Handle ID: 3544 Operation ID: {0,559448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E1.tmp Handle ID: 3544 Operation ID: {0,559437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E2.tmp Handle ID: 3544 Operation ID: {0,559434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1E1.tmp Handle ID: 3544 Operation ID: {0,559428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,559393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,559355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3500 Operation ID: {0,559314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E0.tmp Handle ID: 3416 Operation ID: {0,559174} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DF.tmp Handle ID: 3416 Operation ID: {0,559169} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E0.tmp Handle ID: 3416 Operation ID: {0,559168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E0.tmp Handle ID: 3540 Operation ID: {0,559167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DF.tmp Handle ID: 3416 Operation ID: {0,559166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DF.tmp Handle ID: 3332 Operation ID: {0,559165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DF.tmp Handle ID: 3332 Operation ID: {0,559162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E0.tmp Handle ID: 3332 Operation ID: {0,559161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DF.tmp Handle ID: 3332 Operation ID: {0,559157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,559106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,559043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DE.tmp Handle ID: 3500 Operation ID: {0,559006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DD.tmp Handle ID: 3500 Operation ID: {0,558997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DE.tmp Handle ID: 3500 Operation ID: {0,558990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DE.tmp Handle ID: 3332 Operation ID: {0,558973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DD.tmp Handle ID: 3500 Operation ID: {0,558968} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DD.tmp Handle ID: 3544 Operation ID: {0,558967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DD.tmp Handle ID: 3544 Operation ID: {0,558956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DE.tmp Handle ID: 3544 Operation ID: {0,558953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DD.tmp Handle ID: 3544 Operation ID: {0,558947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,558912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,558874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,558831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3540 Operation ID: {0,558786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DC.tmp Handle ID: 3544 Operation ID: {0,558757} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DB.tmp Handle ID: 3544 Operation ID: {0,558746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DC.tmp Handle ID: 3544 Operation ID: {0,558743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DC.tmp Handle ID: 3540 Operation ID: {0,558726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DB.tmp Handle ID: 3544 Operation ID: {0,558723} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DB.tmp Handle ID: 3348 Operation ID: {0,558720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DB.tmp Handle ID: 3348 Operation ID: {0,558709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DC.tmp Handle ID: 3348 Operation ID: {0,558706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1DB.tmp Handle ID: 3348 Operation ID: {0,558700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,558647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,558584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DA.tmp Handle ID: 3500 Operation ID: {0,558554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D9.tmp Handle ID: 3500 Operation ID: {0,558553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DA.tmp Handle ID: 3500 Operation ID: {0,558550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DA.tmp Handle ID: 3348 Operation ID: {0,558535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D9.tmp Handle ID: 3500 Operation ID: {0,558528} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D9.tmp Handle ID: 3532 Operation ID: {0,558527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D9.tmp Handle ID: 3532 Operation ID: {0,558518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1DA.tmp Handle ID: 3532 Operation ID: {0,558513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D9.tmp Handle ID: 3532 Operation ID: {0,558507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,558472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,558434} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,558391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3540 Operation ID: {0,558346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D8.tmp Handle ID: 3348 Operation ID: {0,558313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D7.tmp Handle ID: 3348 Operation ID: {0,558308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D8.tmp Handle ID: 3348 Operation ID: {0,558305} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D8.tmp Handle ID: 3540 Operation ID: {0,558292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D7.tmp Handle ID: 3348 Operation ID: {0,558289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D7.tmp Handle ID: 3416 Operation ID: {0,558288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D7.tmp Handle ID: 3416 Operation ID: {0,558281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D8.tmp Handle ID: 3416 Operation ID: {0,558278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D7.tmp Handle ID: 3416 Operation ID: {0,558274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,558221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,558157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D6.tmp Handle ID: 3532 Operation ID: {0,558121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D5.tmp Handle ID: 3532 Operation ID: {0,558112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D6.tmp Handle ID: 3532 Operation ID: {0,558105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D6.tmp Handle ID: 3348 Operation ID: {0,558090} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D5.tmp Handle ID: 3532 Operation ID: {0,558083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D5.tmp Handle ID: 3332 Operation ID: {0,558082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D5.tmp Handle ID: 3332 Operation ID: {0,558073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D6.tmp Handle ID: 3332 Operation ID: {0,558066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D5.tmp Handle ID: 3332 Operation ID: {0,558062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,558027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,557989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,557946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,557901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D4.tmp Handle ID: 3332 Operation ID: {0,557870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D3.tmp Handle ID: 3332 Operation ID: {0,557857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D4.tmp Handle ID: 3332 Operation ID: {0,557854} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D4.tmp Handle ID: 3416 Operation ID: {0,557837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D3.tmp Handle ID: 3332 Operation ID: {0,557832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D3.tmp Handle ID: 3544 Operation ID: {0,557831} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D3.tmp Handle ID: 3544 Operation ID: {0,557820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D4.tmp Handle ID: 3544 Operation ID: {0,557817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D3.tmp Handle ID: 3544 Operation ID: {0,557811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,557758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,557695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D2.tmp Handle ID: 3416 Operation ID: {0,557659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D1.tmp Handle ID: 3416 Operation ID: {0,557648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D2.tmp Handle ID: 3416 Operation ID: {0,557643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D2.tmp Handle ID: 3544 Operation ID: {0,557628} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D1.tmp Handle ID: 3416 Operation ID: {0,557621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D1.tmp Handle ID: 3500 Operation ID: {0,557620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D1.tmp Handle ID: 3500 Operation ID: {0,557611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D2.tmp Handle ID: 3500 Operation ID: {0,557604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D1.tmp Handle ID: 3500 Operation ID: {0,557600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,557565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,557527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3508 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3508 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3508 Operation ID: {0,557484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D0.tmp Handle ID: 3544 Operation ID: {0,557442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CF.tmp Handle ID: 3544 Operation ID: {0,557437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D0.tmp Handle ID: 3544 Operation ID: {0,557432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D0.tmp Handle ID: 3516 Operation ID: {0,557421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CF.tmp Handle ID: 3544 Operation ID: {0,557418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CF.tmp Handle ID: 3540 Operation ID: {0,557417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CF.tmp Handle ID: 3540 Operation ID: {0,557408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1D0.tmp Handle ID: 3540 Operation ID: {0,557407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CF.tmp Handle ID: 3540 Operation ID: {0,557403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,557350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,557287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CE.tmp Handle ID: 3500 Operation ID: {0,557251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CD.tmp Handle ID: 3500 Operation ID: {0,557238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CE.tmp Handle ID: 3500 Operation ID: {0,557233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CE.tmp Handle ID: 3544 Operation ID: {0,557214} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CD.tmp Handle ID: 3500 Operation ID: {0,557211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CD.tmp Handle ID: 3348 Operation ID: {0,557210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CD.tmp Handle ID: 3348 Operation ID: {0,557203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CE.tmp Handle ID: 3348 Operation ID: {0,557198} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CD.tmp Handle ID: 3348 Operation ID: {0,557192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,557157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,557119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,557078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CC.tmp Handle ID: 3592 Operation ID: {0,557012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CB.tmp Handle ID: 3592 Operation ID: {0,556999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CC.tmp Handle ID: 3592 Operation ID: {0,556996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CC.tmp Handle ID: 3544 Operation ID: {0,556979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CB.tmp Handle ID: 3592 Operation ID: {0,556974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CB.tmp Handle ID: 3348 Operation ID: {0,556973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CB.tmp Handle ID: 3348 Operation ID: {0,556962} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CC.tmp Handle ID: 3348 Operation ID: {0,556959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1CB.tmp Handle ID: 3348 Operation ID: {0,556953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,556900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,556832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CA.tmp Handle ID: 3544 Operation ID: {0,556796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C9.tmp Handle ID: 3544 Operation ID: {0,556785} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CA.tmp Handle ID: 3544 Operation ID: {0,556782} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CA.tmp Handle ID: 3348 Operation ID: {0,556765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C9.tmp Handle ID: 3544 Operation ID: {0,556760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C9.tmp Handle ID: 3312 Operation ID: {0,556759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C9.tmp Handle ID: 3312 Operation ID: {0,556748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1CA.tmp Handle ID: 3312 Operation ID: {0,556745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C9.tmp Handle ID: 3312 Operation ID: {0,556737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,556708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,556670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,556627} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,556582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C8.tmp Handle ID: 3348 Operation ID: {0,556551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C7.tmp Handle ID: 3348 Operation ID: {0,556542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C8.tmp Handle ID: 3348 Operation ID: {0,556535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C8.tmp Handle ID: 3332 Operation ID: {0,556518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C7.tmp Handle ID: 3348 Operation ID: {0,556513} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C7.tmp Handle ID: 3416 Operation ID: {0,556512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C7.tmp Handle ID: 3416 Operation ID: {0,556501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C8.tmp Handle ID: 3416 Operation ID: {0,556498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C7.tmp Handle ID: 3416 Operation ID: {0,556492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,556439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:24 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:24 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,556376} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C6.tmp Handle ID: 3312 Operation ID: {0,556340} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C5.tmp Handle ID: 3312 Operation ID: {0,556329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C6.tmp Handle ID: 3312 Operation ID: {0,556326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C6.tmp Handle ID: 3416 Operation ID: {0,556309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C5.tmp Handle ID: 3312 Operation ID: {0,556304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C5.tmp Handle ID: 3392 Operation ID: {0,556303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C5.tmp Handle ID: 3392 Operation ID: {0,556292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C6.tmp Handle ID: 3392 Operation ID: {0,556289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C5.tmp Handle ID: 3392 Operation ID: {0,556283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,556248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,556210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,556167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,556122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C4.tmp Handle ID: 3392 Operation ID: {0,556092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C3.tmp Handle ID: 3392 Operation ID: {0,556081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C4.tmp Handle ID: 3392 Operation ID: {0,556074} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C4.tmp Handle ID: 3332 Operation ID: {0,556061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C3.tmp Handle ID: 3392 Operation ID: {0,556054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C3.tmp Handle ID: 3592 Operation ID: {0,556053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C3.tmp Handle ID: 3592 Operation ID: {0,556044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C4.tmp Handle ID: 3592 Operation ID: {0,556037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C3.tmp Handle ID: 3592 Operation ID: {0,556033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,555980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,555917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C2.tmp Handle ID: 3332 Operation ID: {0,555879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C1.tmp Handle ID: 3332 Operation ID: {0,555866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C2.tmp Handle ID: 3332 Operation ID: {0,555863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C2.tmp Handle ID: 3592 Operation ID: {0,555846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C1.tmp Handle ID: 3332 Operation ID: {0,555841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C1.tmp Handle ID: 3544 Operation ID: {0,555840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C1.tmp Handle ID: 3544 Operation ID: {0,555829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C2.tmp Handle ID: 3544 Operation ID: {0,555826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1C1.tmp Handle ID: 3544 Operation ID: {0,555818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,555789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,555753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,555710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3540 Operation ID: {0,555665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C0.tmp Handle ID: 3592 Operation ID: {0,555636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BF.tmp Handle ID: 3592 Operation ID: {0,555625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C0.tmp Handle ID: 3592 Operation ID: {0,555620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C0.tmp Handle ID: 3540 Operation ID: {0,555605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BF.tmp Handle ID: 3592 Operation ID: {0,555598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BF.tmp Handle ID: 3348 Operation ID: {0,555597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BF.tmp Handle ID: 3348 Operation ID: {0,555588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C0.tmp Handle ID: 3348 Operation ID: {0,555581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BF.tmp Handle ID: 3348 Operation ID: {0,555577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,555524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,555461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BE.tmp Handle ID: 3416 Operation ID: {0,555421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BD.tmp Handle ID: 3416 Operation ID: {0,555408} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BE.tmp Handle ID: 3416 Operation ID: {0,555405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BE.tmp Handle ID: 3592 Operation ID: {0,555388} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BD.tmp Handle ID: 3416 Operation ID: {0,555383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BD.tmp Handle ID: 3544 Operation ID: {0,555382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BD.tmp Handle ID: 3544 Operation ID: {0,555371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BE.tmp Handle ID: 3544 Operation ID: {0,555368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BD.tmp Handle ID: 3544 Operation ID: {0,555362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,555327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3592 Operation ID: {0,555289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,555246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BC.tmp Handle ID: 3544 Operation ID: {0,555210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BB.tmp Handle ID: 3544 Operation ID: {0,555199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BC.tmp Handle ID: 3544 Operation ID: {0,555192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BC.tmp Handle ID: 3348 Operation ID: {0,555179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BB.tmp Handle ID: 3544 Operation ID: {0,555172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BB.tmp Handle ID: 3392 Operation ID: {0,555171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BB.tmp Handle ID: 3392 Operation ID: {0,555162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BC.tmp Handle ID: 3392 Operation ID: {0,555155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1BB.tmp Handle ID: 3392 Operation ID: {0,555151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3568 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3568 Operation ID: {0,555026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,554825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BA.tmp Handle ID: 3416 Operation ID: {0,554787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B9.tmp Handle ID: 3416 Operation ID: {0,554774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BA.tmp Handle ID: 3416 Operation ID: {0,554771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BA.tmp Handle ID: 3392 Operation ID: {0,554754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B9.tmp Handle ID: 3416 Operation ID: {0,554749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B9.tmp Handle ID: 3332 Operation ID: {0,554748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B9.tmp Handle ID: 3332 Operation ID: {0,554737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1BA.tmp Handle ID: 3332 Operation ID: {0,554734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B9.tmp Handle ID: 3332 Operation ID: {0,554728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,554693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,554655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,554614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B8.tmp Handle ID: 3524 Operation ID: {0,554542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B7.tmp Handle ID: 3524 Operation ID: {0,554531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B8.tmp Handle ID: 3524 Operation ID: {0,554524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B8.tmp Handle ID: 3392 Operation ID: {0,554511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B7.tmp Handle ID: 3524 Operation ID: {0,554504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B7.tmp Handle ID: 3332 Operation ID: {0,554503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B7.tmp Handle ID: 3332 Operation ID: {0,554494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B8.tmp Handle ID: 3332 Operation ID: {0,554489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B7.tmp Handle ID: 3332 Operation ID: {0,554485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,554432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,554369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B6.tmp Handle ID: 3348 Operation ID: {0,554333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B5.tmp Handle ID: 3348 Operation ID: {0,554322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B6.tmp Handle ID: 3348 Operation ID: {0,554319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B6.tmp Handle ID: 3524 Operation ID: {0,554302} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B5.tmp Handle ID: 3348 Operation ID: {0,554297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B5.tmp Handle ID: 3516 Operation ID: {0,554296} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B5.tmp Handle ID: 3516 Operation ID: {0,554285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B6.tmp Handle ID: 3516 Operation ID: {0,554282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B5.tmp Handle ID: 3516 Operation ID: {0,554276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,554241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,554203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,554162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,554117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B4.tmp Handle ID: 3516 Operation ID: {0,554088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B3.tmp Handle ID: 3516 Operation ID: {0,554075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B4.tmp Handle ID: 3516 Operation ID: {0,554072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B4.tmp Handle ID: 3332 Operation ID: {0,554055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B3.tmp Handle ID: 3516 Operation ID: {0,554050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B3.tmp Handle ID: 3324 Operation ID: {0,554049} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B3.tmp Handle ID: 3324 Operation ID: {0,554038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B4.tmp Handle ID: 3324 Operation ID: {0,554035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B3.tmp Handle ID: 3324 Operation ID: {0,554029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B2.tmp Handle ID: 3332 Operation ID: {0,553822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B1.tmp Handle ID: 3332 Operation ID: {0,553821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B2.tmp Handle ID: 3332 Operation ID: {0,553820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B2.tmp Handle ID: 3324 Operation ID: {0,553819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B1.tmp Handle ID: 3332 Operation ID: {0,553818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B1.tmp Handle ID: 3312 Operation ID: {0,553817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B1.tmp Handle ID: 3312 Operation ID: {0,553814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B2.tmp Handle ID: 3312 Operation ID: {0,553813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B1.tmp Handle ID: 3312 Operation ID: {0,553811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,553780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,553746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,553658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B0.tmp Handle ID: 3324 Operation ID: {0,553629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AF.tmp Handle ID: 3324 Operation ID: {0,553618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B0.tmp Handle ID: 3324 Operation ID: {0,553611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B0.tmp Handle ID: 3544 Operation ID: {0,553598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AF.tmp Handle ID: 3324 Operation ID: {0,553591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AF.tmp Handle ID: 3392 Operation ID: {0,553590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AF.tmp Handle ID: 3392 Operation ID: {0,553581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1B0.tmp Handle ID: 3392 Operation ID: {0,553576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AF.tmp Handle ID: 3392 Operation ID: {0,553572} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AE.tmp Handle ID: 3312 Operation ID: {0,553420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AD.tmp Handle ID: 3312 Operation ID: {0,553409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AE.tmp Handle ID: 3312 Operation ID: {0,553406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AE.tmp Handle ID: 3324 Operation ID: {0,553389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AD.tmp Handle ID: 3312 Operation ID: {0,553384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AD.tmp Handle ID: 3524 Operation ID: {0,553383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AD.tmp Handle ID: 3524 Operation ID: {0,553372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AE.tmp Handle ID: 3524 Operation ID: {0,553369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AD.tmp Handle ID: 3524 Operation ID: {0,553363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,553328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,553290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,553202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AC.tmp Handle ID: 3524 Operation ID: {0,553173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AB.tmp Handle ID: 3524 Operation ID: {0,553168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AC.tmp Handle ID: 3524 Operation ID: {0,553163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AC.tmp Handle ID: 3392 Operation ID: {0,553148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AB.tmp Handle ID: 3524 Operation ID: {0,553145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AB.tmp Handle ID: 3516 Operation ID: {0,553144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AB.tmp Handle ID: 3516 Operation ID: {0,553135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AC.tmp Handle ID: 3516 Operation ID: {0,553132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1AB.tmp Handle ID: 3516 Operation ID: {0,553128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,553013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AA.tmp Handle ID: 3392 Operation ID: {0,552977} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A9.tmp Handle ID: 3392 Operation ID: {0,552964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AA.tmp Handle ID: 3392 Operation ID: {0,552961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AA.tmp Handle ID: 3516 Operation ID: {0,552944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A9.tmp Handle ID: 3392 Operation ID: {0,552939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A9.tmp Handle ID: 3332 Operation ID: {0,552938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A9.tmp Handle ID: 3332 Operation ID: {0,552927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1AA.tmp Handle ID: 3332 Operation ID: {0,552924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A9.tmp Handle ID: 3332 Operation ID: {0,552918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,552885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,552849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,552806} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A8.tmp Handle ID: 3516 Operation ID: {0,552768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A7.tmp Handle ID: 3516 Operation ID: {0,552759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A8.tmp Handle ID: 3516 Operation ID: {0,552754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A8.tmp Handle ID: 3348 Operation ID: {0,552735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A7.tmp Handle ID: 3516 Operation ID: {0,552732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A7.tmp Handle ID: 3544 Operation ID: {0,552731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A7.tmp Handle ID: 3544 Operation ID: {0,552722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A8.tmp Handle ID: 3544 Operation ID: {0,552715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A7.tmp Handle ID: 3544 Operation ID: {0,552713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,552660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,552597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A6.tmp Handle ID: 3324 Operation ID: {0,552556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A5.tmp Handle ID: 3324 Operation ID: {0,552543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A6.tmp Handle ID: 3324 Operation ID: {0,552540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A6.tmp Handle ID: 3516 Operation ID: {0,552523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A5.tmp Handle ID: 3324 Operation ID: {0,552520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A5.tmp Handle ID: 3332 Operation ID: {0,552517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A5.tmp Handle ID: 3332 Operation ID: {0,552506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A6.tmp Handle ID: 3332 Operation ID: {0,552503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A5.tmp Handle ID: 3332 Operation ID: {0,552497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,552462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,552424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:23 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:23 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3516 Operation ID: {0,552383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A4.tmp Handle ID: 3580 Operation ID: {0,552321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A3.tmp Handle ID: 3580 Operation ID: {0,552310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A4.tmp Handle ID: 3580 Operation ID: {0,552303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A4.tmp Handle ID: 3516 Operation ID: {0,552290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A3.tmp Handle ID: 3580 Operation ID: {0,552283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A3.tmp Handle ID: 3332 Operation ID: {0,552282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A3.tmp Handle ID: 3332 Operation ID: {0,552273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A4.tmp Handle ID: 3332 Operation ID: {0,552266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A3.tmp Handle ID: 3332 Operation ID: {0,552262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3588 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3588 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3588 Operation ID: {0,552209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3584 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3584 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3584 Operation ID: {0,552122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A2.tmp Handle ID: 3516 Operation ID: {0,552029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A1.tmp Handle ID: 3516 Operation ID: {0,552021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A2.tmp Handle ID: 3516 Operation ID: {0,552015} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A2.tmp Handle ID: 3332 Operation ID: {0,551996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A1.tmp Handle ID: 3516 Operation ID: {0,551988} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A1.tmp Handle ID: 3312 Operation ID: {0,551987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A1.tmp Handle ID: 3312 Operation ID: {0,551976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A2.tmp Handle ID: 3312 Operation ID: {0,551973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1A1.tmp Handle ID: 3312 Operation ID: {0,551965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,551936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,551898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,551855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3524 Operation ID: {0,551812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A0.tmp Handle ID: 3332 Operation ID: {0,551783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19F.tmp Handle ID: 3332 Operation ID: {0,551772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A0.tmp Handle ID: 3332 Operation ID: {0,551767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A0.tmp Handle ID: 3524 Operation ID: {0,551752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19F.tmp Handle ID: 3332 Operation ID: {0,551745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19F.tmp Handle ID: 3392 Operation ID: {0,551744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19F.tmp Handle ID: 3392 Operation ID: {0,551735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A0.tmp Handle ID: 3392 Operation ID: {0,551730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19F.tmp Handle ID: 3392 Operation ID: {0,551726} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,551675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,551607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19E.tmp Handle ID: 3392 Operation ID: {0,551569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19D.tmp Handle ID: 3392 Operation ID: {0,551556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19E.tmp Handle ID: 3392 Operation ID: {0,551553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19E.tmp Handle ID: 3332 Operation ID: {0,551536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19D.tmp Handle ID: 3392 Operation ID: {0,551531} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19D.tmp Handle ID: 3540 Operation ID: {0,551530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19D.tmp Handle ID: 3540 Operation ID: {0,551519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19E.tmp Handle ID: 3540 Operation ID: {0,551516} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19D.tmp Handle ID: 3540 Operation ID: {0,551510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,551475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3332 Operation ID: {0,551437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,551396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,551353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19C.tmp Handle ID: 3540 Operation ID: {0,551322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19B.tmp Handle ID: 3540 Operation ID: {0,551309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19C.tmp Handle ID: 3540 Operation ID: {0,551306} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19C.tmp Handle ID: 3348 Operation ID: {0,551289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19B.tmp Handle ID: 3540 Operation ID: {0,551284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19B.tmp Handle ID: 3520 Operation ID: {0,551283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19B.tmp Handle ID: 3520 Operation ID: {0,551272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19C.tmp Handle ID: 3520 Operation ID: {0,551269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19B.tmp Handle ID: 3520 Operation ID: {0,551263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,551210} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,551146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19A.tmp Handle ID: 3348 Operation ID: {0,551110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab199.tmp Handle ID: 3348 Operation ID: {0,551099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19A.tmp Handle ID: 3348 Operation ID: {0,551092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19A.tmp Handle ID: 3520 Operation ID: {0,551079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab199.tmp Handle ID: 3348 Operation ID: {0,551072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab199.tmp Handle ID: 3516 Operation ID: {0,551071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3516 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab199.tmp Handle ID: 3516 Operation ID: {0,551062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar19A.tmp Handle ID: 3516 Operation ID: {0,551057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3516 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab199.tmp Handle ID: 3516 Operation ID: {0,551051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,551016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,550978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,550935} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3544 Operation ID: {0,550890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar198.tmp Handle ID: 3520 Operation ID: {0,550859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab197.tmp Handle ID: 3520 Operation ID: {0,550854} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar198.tmp Handle ID: 3520 Operation ID: {0,550849} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar198.tmp Handle ID: 3544 Operation ID: {0,550834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab197.tmp Handle ID: 3520 Operation ID: {0,550833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab197.tmp Handle ID: 3524 Operation ID: {0,550832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab197.tmp Handle ID: 3524 Operation ID: {0,550821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar198.tmp Handle ID: 3524 Operation ID: {0,550820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab197.tmp Handle ID: 3524 Operation ID: {0,550816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,550763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,550700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar196.tmp Handle ID: 3524 Operation ID: {0,550662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab195.tmp Handle ID: 3524 Operation ID: {0,550649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar196.tmp Handle ID: 3524 Operation ID: {0,550646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3524 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3524 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar196.tmp Handle ID: 3520 Operation ID: {0,550629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab195.tmp Handle ID: 3524 Operation ID: {0,550624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab195.tmp Handle ID: 3332 Operation ID: {0,550623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab195.tmp Handle ID: 3332 Operation ID: {0,550612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar196.tmp Handle ID: 3332 Operation ID: {0,550609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab195.tmp Handle ID: 3332 Operation ID: {0,550603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,550568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3520 Operation ID: {0,550530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,550487} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar194.tmp Handle ID: 3332 Operation ID: {0,550451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab193.tmp Handle ID: 3332 Operation ID: {0,550440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar194.tmp Handle ID: 3332 Operation ID: {0,550435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar194.tmp Handle ID: 3312 Operation ID: {0,550420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab193.tmp Handle ID: 3332 Operation ID: {0,550413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab193.tmp Handle ID: 3540 Operation ID: {0,550412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab193.tmp Handle ID: 3540 Operation ID: {0,550403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar194.tmp Handle ID: 3540 Operation ID: {0,550398} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab193.tmp Handle ID: 3540 Operation ID: {0,550392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3532 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3532 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3532 Operation ID: {0,550339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3528 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3528 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3528 Operation ID: {0,550274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar192.tmp Handle ID: 3468 Operation ID: {0,550235} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab191.tmp Handle ID: 3468 Operation ID: {0,550226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar192.tmp Handle ID: 3468 Operation ID: {0,550219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar192.tmp Handle ID: 3512 Operation ID: {0,550202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab191.tmp Handle ID: 3468 Operation ID: {0,550197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab191.tmp Handle ID: 3404 Operation ID: {0,550196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab191.tmp Handle ID: 3404 Operation ID: {0,550185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar192.tmp Handle ID: 3404 Operation ID: {0,550182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab191.tmp Handle ID: 3404 Operation ID: {0,550176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,550141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,550103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3512 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3512 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3512 Operation ID: {0,550064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,549993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,549992} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,548656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,548651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 2544 Operation ID: {0,548642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2544 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2544 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2544 Operation ID: {0,548472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar190.tmp Handle ID: 3320 Operation ID: {0,548413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18F.tmp Handle ID: 3320 Operation ID: {0,548404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar190.tmp Handle ID: 3320 Operation ID: {0,548395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar190.tmp Handle ID: 3484 Operation ID: {0,548382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18F.tmp Handle ID: 3320 Operation ID: {0,548375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18F.tmp Handle ID: 3356 Operation ID: {0,548374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18F.tmp Handle ID: 3356 Operation ID: {0,548365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar190.tmp Handle ID: 3356 Operation ID: {0,548358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18F.tmp Handle ID: 3356 Operation ID: {0,548354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,548301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,548238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18E.tmp Handle ID: 3484 Operation ID: {0,548200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18D.tmp Handle ID: 3484 Operation ID: {0,548191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18E.tmp Handle ID: 3484 Operation ID: {0,548184} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18E.tmp Handle ID: 3356 Operation ID: {0,548167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18D.tmp Handle ID: 3484 Operation ID: {0,548162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18D.tmp Handle ID: 3464 Operation ID: {0,548161} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18D.tmp Handle ID: 3464 Operation ID: {0,548150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18E.tmp Handle ID: 3464 Operation ID: {0,548147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18D.tmp Handle ID: 3464 Operation ID: {0,548141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,548110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,548072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,548029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,547986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18C.tmp Handle ID: 3356 Operation ID: {0,547957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18B.tmp Handle ID: 3356 Operation ID: {0,547948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18C.tmp Handle ID: 3356 Operation ID: {0,547941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18C.tmp Handle ID: 3476 Operation ID: {0,547926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18B.tmp Handle ID: 3356 Operation ID: {0,547919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18B.tmp Handle ID: 3412 Operation ID: {0,547918} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18B.tmp Handle ID: 3412 Operation ID: {0,547909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18C.tmp Handle ID: 3412 Operation ID: {0,547902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab18B.tmp Handle ID: 3412 Operation ID: {0,547898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,547845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:21 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:21 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,547781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18A.tmp Handle ID: 3464 Operation ID: {0,547743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab189.tmp Handle ID: 3464 Operation ID: {0,547734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18A.tmp Handle ID: 3464 Operation ID: {0,547727} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18A.tmp Handle ID: 3412 Operation ID: {0,547710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab189.tmp Handle ID: 3464 Operation ID: {0,547705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab189.tmp Handle ID: 3376 Operation ID: {0,547704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab189.tmp Handle ID: 3376 Operation ID: {0,547693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18A.tmp Handle ID: 3376 Operation ID: {0,547690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab189.tmp Handle ID: 3376 Operation ID: {0,547684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3412 Operation ID: {0,547649} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3412 Operation ID: {0,547611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,547568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,547523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar188.tmp Handle ID: 3376 Operation ID: {0,547494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab187.tmp Handle ID: 3376 Operation ID: {0,547485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar188.tmp Handle ID: 3376 Operation ID: {0,547478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar188.tmp Handle ID: 3476 Operation ID: {0,547463} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab187.tmp Handle ID: 3376 Operation ID: {0,547456} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab187.tmp Handle ID: 3320 Operation ID: {0,547455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab187.tmp Handle ID: 3320 Operation ID: {0,547446} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar188.tmp Handle ID: 3320 Operation ID: {0,547439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab187.tmp Handle ID: 3320 Operation ID: {0,547435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,547382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,547319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar186.tmp Handle ID: 3476 Operation ID: {0,547281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab185.tmp Handle ID: 3476 Operation ID: {0,547272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar186.tmp Handle ID: 3476 Operation ID: {0,547265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar186.tmp Handle ID: 3320 Operation ID: {0,547248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab185.tmp Handle ID: 3476 Operation ID: {0,547243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab185.tmp Handle ID: 3484 Operation ID: {0,547242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab185.tmp Handle ID: 3484 Operation ID: {0,547231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar186.tmp Handle ID: 3484 Operation ID: {0,547228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab185.tmp Handle ID: 3484 Operation ID: {0,547222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,547191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,547153} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,547110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,547066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar184.tmp Handle ID: 3320 Operation ID: {0,547037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab183.tmp Handle ID: 3320 Operation ID: {0,547028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar184.tmp Handle ID: 3320 Operation ID: {0,547021} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar184.tmp Handle ID: 2540 Operation ID: {0,547006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab183.tmp Handle ID: 3320 Operation ID: {0,546999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab183.tmp Handle ID: 3356 Operation ID: {0,546998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab183.tmp Handle ID: 3356 Operation ID: {0,546989} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar184.tmp Handle ID: 3356 Operation ID: {0,546984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab183.tmp Handle ID: 3356 Operation ID: {0,546980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,546927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,546864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar182.tmp Handle ID: 3484 Operation ID: {0,546828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab181.tmp Handle ID: 3484 Operation ID: {0,546819} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar182.tmp Handle ID: 3484 Operation ID: {0,546812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar182.tmp Handle ID: 3320 Operation ID: {0,546797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab181.tmp Handle ID: 3484 Operation ID: {0,546790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab181.tmp Handle ID: 3412 Operation ID: {0,546789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab181.tmp Handle ID: 3412 Operation ID: {0,546780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar182.tmp Handle ID: 3412 Operation ID: {0,546773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab181.tmp Handle ID: 3412 Operation ID: {0,546769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,546734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,546696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,546653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar180.tmp Handle ID: 3440 Operation ID: {0,546536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17F.tmp Handle ID: 3440 Operation ID: {0,546527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar180.tmp Handle ID: 3440 Operation ID: {0,546520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar180.tmp Handle ID: 3412 Operation ID: {0,546503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17F.tmp Handle ID: 3440 Operation ID: {0,546498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17F.tmp Handle ID: 3376 Operation ID: {0,546497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17F.tmp Handle ID: 3376 Operation ID: {0,546486} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar180.tmp Handle ID: 3376 Operation ID: {0,546483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17F.tmp Handle ID: 3376 Operation ID: {0,546477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,546424} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,546361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17E.tmp Handle ID: 3412 Operation ID: {0,546323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17D.tmp Handle ID: 3412 Operation ID: {0,546314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17E.tmp Handle ID: 3412 Operation ID: {0,546307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17E.tmp Handle ID: 3376 Operation ID: {0,546292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17D.tmp Handle ID: 3412 Operation ID: {0,546285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17D.tmp Handle ID: 3484 Operation ID: {0,546284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17D.tmp Handle ID: 3484 Operation ID: {0,546275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17E.tmp Handle ID: 3484 Operation ID: {0,546270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17D.tmp Handle ID: 3484 Operation ID: {0,546264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,546229} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,546191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,546150} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17C.tmp Handle ID: 3472 Operation ID: {0,546075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17B.tmp Handle ID: 3472 Operation ID: {0,546070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17C.tmp Handle ID: 3472 Operation ID: {0,546065} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17C.tmp Handle ID: 2540 Operation ID: {0,546050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17B.tmp Handle ID: 3472 Operation ID: {0,546047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17B.tmp Handle ID: 3376 Operation ID: {0,546046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17B.tmp Handle ID: 3376 Operation ID: {0,546035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17C.tmp Handle ID: 3376 Operation ID: {0,546032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17B.tmp Handle ID: 3376 Operation ID: {0,546028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17A.tmp Handle ID: 3476 Operation ID: {0,545873} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab179.tmp Handle ID: 3476 Operation ID: {0,545864} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17A.tmp Handle ID: 3476 Operation ID: {0,545859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17A.tmp Handle ID: 3472 Operation ID: {0,545840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab179.tmp Handle ID: 3476 Operation ID: {0,545837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab179.tmp Handle ID: 3404 Operation ID: {0,545836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab179.tmp Handle ID: 3404 Operation ID: {0,545827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar17A.tmp Handle ID: 3404 Operation ID: {0,545822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab179.tmp Handle ID: 3404 Operation ID: {0,545816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,545781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,545743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,545655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar178.tmp Handle ID: 3404 Operation ID: {0,545626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab177.tmp Handle ID: 3404 Operation ID: {0,545617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar178.tmp Handle ID: 3404 Operation ID: {0,545610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar178.tmp Handle ID: 3376 Operation ID: {0,545595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab177.tmp Handle ID: 3404 Operation ID: {0,545588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab177.tmp Handle ID: 3432 Operation ID: {0,545587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab177.tmp Handle ID: 3432 Operation ID: {0,545578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar178.tmp Handle ID: 3432 Operation ID: {0,545571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab177.tmp Handle ID: 3432 Operation ID: {0,545567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar176.tmp Handle ID: 3376 Operation ID: {0,545413} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab175.tmp Handle ID: 3376 Operation ID: {0,545404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar176.tmp Handle ID: 3376 Operation ID: {0,545397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar176.tmp Handle ID: 3432 Operation ID: {0,545380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab175.tmp Handle ID: 3376 Operation ID: {0,545375} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab175.tmp Handle ID: 3440 Operation ID: {0,545374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab175.tmp Handle ID: 3440 Operation ID: {0,545363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar176.tmp Handle ID: 3440 Operation ID: {0,545360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab175.tmp Handle ID: 3440 Operation ID: {0,545350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,545319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,545281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3464 Operation ID: {0,545192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar174.tmp Handle ID: 3432 Operation ID: {0,545163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab173.tmp Handle ID: 3432 Operation ID: {0,545154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar174.tmp Handle ID: 3432 Operation ID: {0,545147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar174.tmp Handle ID: 3464 Operation ID: {0,545132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab173.tmp Handle ID: 3432 Operation ID: {0,545125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab173.tmp Handle ID: 2540 Operation ID: {0,545124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab173.tmp Handle ID: 2540 Operation ID: {0,545115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar174.tmp Handle ID: 2540 Operation ID: {0,545108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab173.tmp Handle ID: 2540 Operation ID: {0,545104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,545051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544988} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar172.tmp Handle ID: 3440 Operation ID: {0,544950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab171.tmp Handle ID: 3440 Operation ID: {0,544941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar172.tmp Handle ID: 3440 Operation ID: {0,544934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar172.tmp Handle ID: 3432 Operation ID: {0,544917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab171.tmp Handle ID: 3440 Operation ID: {0,544912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab171.tmp Handle ID: 3472 Operation ID: {0,544911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab171.tmp Handle ID: 3472 Operation ID: {0,544900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar172.tmp Handle ID: 3472 Operation ID: {0,544897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab171.tmp Handle ID: 3472 Operation ID: {0,544891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,544856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,544818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,544730} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar170.tmp Handle ID: 3472 Operation ID: {0,544701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16F.tmp Handle ID: 3472 Operation ID: {0,544692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar170.tmp Handle ID: 3472 Operation ID: {0,544685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar170.tmp Handle ID: 2540 Operation ID: {0,544667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16F.tmp Handle ID: 3472 Operation ID: {0,544660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16F.tmp Handle ID: 3404 Operation ID: {0,544659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16F.tmp Handle ID: 3404 Operation ID: {0,544650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar170.tmp Handle ID: 3404 Operation ID: {0,544643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16F.tmp Handle ID: 3404 Operation ID: {0,544639} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16E.tmp Handle ID: 2540 Operation ID: {0,544483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16D.tmp Handle ID: 2540 Operation ID: {0,544474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16E.tmp Handle ID: 2540 Operation ID: {0,544467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16E.tmp Handle ID: 3404 Operation ID: {0,544450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16D.tmp Handle ID: 2540 Operation ID: {0,544445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16D.tmp Handle ID: 3376 Operation ID: {0,544444} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16D.tmp Handle ID: 3376 Operation ID: {0,544433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16E.tmp Handle ID: 3376 Operation ID: {0,544430} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16D.tmp Handle ID: 3376 Operation ID: {0,544422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,544393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,544357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16C.tmp Handle ID: 3404 Operation ID: {0,544278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16B.tmp Handle ID: 3404 Operation ID: {0,544263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16C.tmp Handle ID: 3404 Operation ID: {0,544256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16C.tmp Handle ID: 3476 Operation ID: {0,544241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16B.tmp Handle ID: 3404 Operation ID: {0,544234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16B.tmp Handle ID: 3464 Operation ID: {0,544233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16B.tmp Handle ID: 3464 Operation ID: {0,544224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16C.tmp Handle ID: 3464 Operation ID: {0,544219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab16B.tmp Handle ID: 3464 Operation ID: {0,544215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3496 Operation ID: {0,544098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16A.tmp Handle ID: 3464 Operation ID: {0,544062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab169.tmp Handle ID: 3464 Operation ID: {0,544053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16A.tmp Handle ID: 3464 Operation ID: {0,544046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3464 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3464 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16A.tmp Handle ID: 3404 Operation ID: {0,544031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab169.tmp Handle ID: 3464 Operation ID: {0,544024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab169.tmp Handle ID: 3432 Operation ID: {0,544023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab169.tmp Handle ID: 3432 Operation ID: {0,544014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16A.tmp Handle ID: 3432 Operation ID: {0,544007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab169.tmp Handle ID: 3432 Operation ID: {0,544003} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,543966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,543928} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:20 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:20 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,543887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar168.tmp Handle ID: 3436 Operation ID: {0,543744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab167.tmp Handle ID: 3436 Operation ID: {0,543735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar168.tmp Handle ID: 3436 Operation ID: {0,543728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar168.tmp Handle ID: 3376 Operation ID: {0,543711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab167.tmp Handle ID: 3436 Operation ID: {0,543706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab167.tmp Handle ID: 3324 Operation ID: {0,543705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab167.tmp Handle ID: 3324 Operation ID: {0,543694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar168.tmp Handle ID: 3324 Operation ID: {0,543691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab167.tmp Handle ID: 3324 Operation ID: {0,543685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3536 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3536 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3536 Operation ID: {0,543517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,543439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar166.tmp Handle ID: 3468 Operation ID: {0,543403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab165.tmp Handle ID: 3468 Operation ID: {0,543394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar166.tmp Handle ID: 3468 Operation ID: {0,543385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar166.tmp Handle ID: 3436 Operation ID: {0,543372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab165.tmp Handle ID: 3468 Operation ID: {0,543365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab165.tmp Handle ID: 3440 Operation ID: {0,543364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab165.tmp Handle ID: 3440 Operation ID: {0,543355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar166.tmp Handle ID: 3440 Operation ID: {0,543348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab165.tmp Handle ID: 3440 Operation ID: {0,543344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,543309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,543273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,543230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,543185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar164.tmp Handle ID: 3436 Operation ID: {0,543156} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab163.tmp Handle ID: 3436 Operation ID: {0,543147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar164.tmp Handle ID: 3436 Operation ID: {0,543140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar164.tmp Handle ID: 3476 Operation ID: {0,543125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab163.tmp Handle ID: 3436 Operation ID: {0,543118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab163.tmp Handle ID: 3356 Operation ID: {0,543117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab163.tmp Handle ID: 3356 Operation ID: {0,543108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar164.tmp Handle ID: 3356 Operation ID: {0,543101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab163.tmp Handle ID: 3356 Operation ID: {0,543097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,543044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,542980} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar162.tmp Handle ID: 3440 Operation ID: {0,542940} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab161.tmp Handle ID: 3440 Operation ID: {0,542931} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar162.tmp Handle ID: 3440 Operation ID: {0,542924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar162.tmp Handle ID: 3436 Operation ID: {0,542907} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab161.tmp Handle ID: 3440 Operation ID: {0,542902} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab161.tmp Handle ID: 3324 Operation ID: {0,542901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab161.tmp Handle ID: 3324 Operation ID: {0,542890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar162.tmp Handle ID: 3324 Operation ID: {0,542887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab161.tmp Handle ID: 3324 Operation ID: {0,542881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,542846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,542807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3504 Operation ID: {0,542750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:19 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:19 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3504 Operation ID: {0,542749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3504 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 3504 Operation ID: {0,542576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,542493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,542425} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar160.tmp Handle ID: 3324 Operation ID: {0,542396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15F.tmp Handle ID: 3324 Operation ID: {0,542387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar160.tmp Handle ID: 3324 Operation ID: {0,542380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar160.tmp Handle ID: 3356 Operation ID: {0,542365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15F.tmp Handle ID: 3324 Operation ID: {0,542358} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15F.tmp Handle ID: 3376 Operation ID: {0,542357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15F.tmp Handle ID: 3376 Operation ID: {0,542348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar160.tmp Handle ID: 3376 Operation ID: {0,542343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15F.tmp Handle ID: 3376 Operation ID: {0,542339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,542286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,542221} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15E.tmp Handle ID: 3376 Operation ID: {0,542185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15D.tmp Handle ID: 3376 Operation ID: {0,542176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15E.tmp Handle ID: 3376 Operation ID: {0,542167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15E.tmp Handle ID: 3324 Operation ID: {0,542154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15D.tmp Handle ID: 3376 Operation ID: {0,542147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15D.tmp Handle ID: 3468 Operation ID: {0,542146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15D.tmp Handle ID: 3468 Operation ID: {0,542137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15E.tmp Handle ID: 3468 Operation ID: {0,542130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15D.tmp Handle ID: 3468 Operation ID: {0,542126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,542091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,542053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,542010} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2540 Operation ID: {0,541965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15C.tmp Handle ID: 3324 Operation ID: {0,541932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15B.tmp Handle ID: 3324 Operation ID: {0,541927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15C.tmp Handle ID: 3324 Operation ID: {0,541922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2540 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2540 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15C.tmp Handle ID: 2540 Operation ID: {0,541909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15B.tmp Handle ID: 3324 Operation ID: {0,541906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15B.tmp Handle ID: 3476 Operation ID: {0,541905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15B.tmp Handle ID: 3476 Operation ID: {0,541896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15C.tmp Handle ID: 3476 Operation ID: {0,541893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15B.tmp Handle ID: 3476 Operation ID: {0,541887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,541834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,541761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15A.tmp Handle ID: 3468 Operation ID: {0,541725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab159.tmp Handle ID: 3468 Operation ID: {0,541716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15A.tmp Handle ID: 3468 Operation ID: {0,541709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15A.tmp Handle ID: 3324 Operation ID: {0,541694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab159.tmp Handle ID: 3468 Operation ID: {0,541687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab159.tmp Handle ID: 3436 Operation ID: {0,541686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab159.tmp Handle ID: 3436 Operation ID: {0,541677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar15A.tmp Handle ID: 3436 Operation ID: {0,541670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab159.tmp Handle ID: 3436 Operation ID: {0,541666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,541631} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3324 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3324 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3324 Operation ID: {0,541593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,541550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar158.tmp Handle ID: 3436 Operation ID: {0,541512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab157.tmp Handle ID: 3436 Operation ID: {0,541503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar158.tmp Handle ID: 3436 Operation ID: {0,541496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar158.tmp Handle ID: 3476 Operation ID: {0,541479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab157.tmp Handle ID: 3436 Operation ID: {0,541474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab157.tmp Handle ID: 3356 Operation ID: {0,541473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab157.tmp Handle ID: 3356 Operation ID: {0,541462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar158.tmp Handle ID: 3356 Operation ID: {0,541459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab157.tmp Handle ID: 3356 Operation ID: {0,541453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,541402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1752 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3432 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3432 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3432 Operation ID: {0,541334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar156.tmp Handle ID: 3364 Operation ID: {0,541298} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab155.tmp Handle ID: 3364 Operation ID: {0,541289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar156.tmp Handle ID: 3364 Operation ID: {0,541282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar156.tmp Handle ID: 3356 Operation ID: {0,541265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab155.tmp Handle ID: 3364 Operation ID: {0,541260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab155.tmp Handle ID: 2580 Operation ID: {0,541259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab155.tmp Handle ID: 2580 Operation ID: {0,541248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar156.tmp Handle ID: 2580 Operation ID: {0,541245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab155.tmp Handle ID: 2580 Operation ID: {0,541239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,541204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,541166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,541125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1752 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\conhost.exe Handle ID: 1752 Operation ID: {0,541075} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1688 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540940} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540934} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540926} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540918} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540906} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540897} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1704 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:17 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1704 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:17 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1704 Operation ID: {0,540884} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:16 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1688 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:16 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1688 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:16 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1688 Operation ID: {0,538594} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar154.tmp Handle ID: 3364 Operation ID: {0,538330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab153.tmp Handle ID: 3364 Operation ID: {0,538327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar154.tmp Handle ID: 3364 Operation ID: {0,538320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar154.tmp Handle ID: 2580 Operation ID: {0,538307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab153.tmp Handle ID: 3364 Operation ID: {0,538304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab153.tmp Handle ID: 3480 Operation ID: {0,538303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab153.tmp Handle ID: 3480 Operation ID: {0,538294} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar154.tmp Handle ID: 3480 Operation ID: {0,538293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab153.tmp Handle ID: 3480 Operation ID: {0,538289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,538238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,538177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar152.tmp Handle ID: 3484 Operation ID: {0,538145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab151.tmp Handle ID: 3484 Operation ID: {0,538140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar152.tmp Handle ID: 3484 Operation ID: {0,538135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar152.tmp Handle ID: 3480 Operation ID: {0,538122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab151.tmp Handle ID: 3484 Operation ID: {0,538119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab151.tmp Handle ID: 3332 Operation ID: {0,538118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab151.tmp Handle ID: 3332 Operation ID: {0,538110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar152.tmp Handle ID: 3332 Operation ID: {0,538107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab151.tmp Handle ID: 3332 Operation ID: {0,538103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,538070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,538034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2580 Operation ID: {0,537949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar150.tmp Handle ID: 3480 Operation ID: {0,537924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14F.tmp Handle ID: 3480 Operation ID: {0,537919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar150.tmp Handle ID: 3480 Operation ID: {0,537916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar150.tmp Handle ID: 2580 Operation ID: {0,537903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14F.tmp Handle ID: 3480 Operation ID: {0,537900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14F.tmp Handle ID: 3460 Operation ID: {0,537899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14F.tmp Handle ID: 3460 Operation ID: {0,537892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar150.tmp Handle ID: 3460 Operation ID: {0,537889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14F.tmp Handle ID: 3460 Operation ID: {0,537885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14E.tmp Handle ID: 3332 Operation ID: {0,537740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14D.tmp Handle ID: 3332 Operation ID: {0,537735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14E.tmp Handle ID: 3332 Operation ID: {0,537732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14E.tmp Handle ID: 3460 Operation ID: {0,537719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14D.tmp Handle ID: 3332 Operation ID: {0,537716} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14D.tmp Handle ID: 3436 Operation ID: {0,537715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14D.tmp Handle ID: 3436 Operation ID: {0,537708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14E.tmp Handle ID: 3436 Operation ID: {0,537705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14D.tmp Handle ID: 3436 Operation ID: {0,537701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,537668} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,537632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2580 Operation ID: {0,537548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14C.tmp Handle ID: 3460 Operation ID: {0,537523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14B.tmp Handle ID: 3460 Operation ID: {0,537519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14C.tmp Handle ID: 3460 Operation ID: {0,537515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14C.tmp Handle ID: 2580 Operation ID: {0,537502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14B.tmp Handle ID: 3460 Operation ID: {0,537499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14B.tmp Handle ID: 3364 Operation ID: {0,537498} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14B.tmp Handle ID: 3364 Operation ID: {0,537491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14C.tmp Handle ID: 3364 Operation ID: {0,537488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab14B.tmp Handle ID: 3364 Operation ID: {0,537484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14A.tmp Handle ID: 3436 Operation ID: {0,537339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab149.tmp Handle ID: 3436 Operation ID: {0,537334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14A.tmp Handle ID: 3436 Operation ID: {0,537329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14A.tmp Handle ID: 3364 Operation ID: {0,537318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab149.tmp Handle ID: 3436 Operation ID: {0,537315} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab149.tmp Handle ID: 3484 Operation ID: {0,537314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab149.tmp Handle ID: 3484 Operation ID: {0,537307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14A.tmp Handle ID: 3484 Operation ID: {0,537304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab149.tmp Handle ID: 3484 Operation ID: {0,537300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,537267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,537231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2580 Operation ID: {0,537147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar148.tmp Handle ID: 3364 Operation ID: {0,537122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab147.tmp Handle ID: 3364 Operation ID: {0,537117} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar148.tmp Handle ID: 3364 Operation ID: {0,537112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar148.tmp Handle ID: 2580 Operation ID: {0,537101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab147.tmp Handle ID: 3364 Operation ID: {0,537098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab147.tmp Handle ID: 3480 Operation ID: {0,537097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab147.tmp Handle ID: 3480 Operation ID: {0,537088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar148.tmp Handle ID: 3480 Operation ID: {0,537087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab147.tmp Handle ID: 3480 Operation ID: {0,537083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,537032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,536971} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar146.tmp Handle ID: 3484 Operation ID: {0,536937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab145.tmp Handle ID: 3484 Operation ID: {0,536932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar146.tmp Handle ID: 3484 Operation ID: {0,536929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar146.tmp Handle ID: 3480 Operation ID: {0,536916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab145.tmp Handle ID: 3484 Operation ID: {0,536913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab145.tmp Handle ID: 3332 Operation ID: {0,536912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab145.tmp Handle ID: 3332 Operation ID: {0,536903} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar146.tmp Handle ID: 3332 Operation ID: {0,536900} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab145.tmp Handle ID: 3332 Operation ID: {0,536896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,536863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,536827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,536786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar144.tmp Handle ID: 3480 Operation ID: {0,536754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab143.tmp Handle ID: 3480 Operation ID: {0,536749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar144.tmp Handle ID: 3480 Operation ID: {0,536744} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar144.tmp Handle ID: 2580 Operation ID: {0,536731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab143.tmp Handle ID: 3480 Operation ID: {0,536728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab143.tmp Handle ID: 3460 Operation ID: {0,536727} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab143.tmp Handle ID: 3460 Operation ID: {0,536720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar144.tmp Handle ID: 3460 Operation ID: {0,536715} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab143.tmp Handle ID: 3460 Operation ID: {0,536713} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,536662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,536601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar142.tmp Handle ID: 3332 Operation ID: {0,536571} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab141.tmp Handle ID: 3332 Operation ID: {0,536566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar142.tmp Handle ID: 3332 Operation ID: {0,536561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3332 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3332 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar142.tmp Handle ID: 3460 Operation ID: {0,536548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab141.tmp Handle ID: 3332 Operation ID: {0,536545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab141.tmp Handle ID: 3436 Operation ID: {0,536544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab141.tmp Handle ID: 3436 Operation ID: {0,536537} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar142.tmp Handle ID: 3436 Operation ID: {0,536534} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab141.tmp Handle ID: 3436 Operation ID: {0,536530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,536497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,536461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3460 Operation ID: {0,536422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar140.tmp Handle ID: 3348 Operation ID: {0,536286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13F.tmp Handle ID: 3348 Operation ID: {0,536283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar140.tmp Handle ID: 3348 Operation ID: {0,536280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar140.tmp Handle ID: 3356 Operation ID: {0,536267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13F.tmp Handle ID: 3348 Operation ID: {0,536264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13F.tmp Handle ID: 3480 Operation ID: {0,536263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13F.tmp Handle ID: 3480 Operation ID: {0,536255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar140.tmp Handle ID: 3480 Operation ID: {0,536251} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13F.tmp Handle ID: 3480 Operation ID: {0,536249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,536198} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,536136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13E.tmp Handle ID: 3468 Operation ID: {0,536104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13D.tmp Handle ID: 3468 Operation ID: {0,536099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13E.tmp Handle ID: 3468 Operation ID: {0,536096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13E.tmp Handle ID: 3480 Operation ID: {0,536081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13D.tmp Handle ID: 3468 Operation ID: {0,536078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13D.tmp Handle ID: 2580 Operation ID: {0,536077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13D.tmp Handle ID: 2580 Operation ID: {0,536070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13E.tmp Handle ID: 2580 Operation ID: {0,536067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13D.tmp Handle ID: 2580 Operation ID: {0,536063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,536030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,535994} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,535910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13C.tmp Handle ID: 3480 Operation ID: {0,535885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13B.tmp Handle ID: 3480 Operation ID: {0,535880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13C.tmp Handle ID: 3480 Operation ID: {0,535877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13C.tmp Handle ID: 3356 Operation ID: {0,535862} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13B.tmp Handle ID: 3480 Operation ID: {0,535861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13B.tmp Handle ID: 3364 Operation ID: {0,535860} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13B.tmp Handle ID: 3364 Operation ID: {0,535851} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13C.tmp Handle ID: 3364 Operation ID: {0,535850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13B.tmp Handle ID: 3364 Operation ID: {0,535846} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13A.tmp Handle ID: 2580 Operation ID: {0,535702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab139.tmp Handle ID: 2580 Operation ID: {0,535697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13A.tmp Handle ID: 2580 Operation ID: {0,535690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13A.tmp Handle ID: 3364 Operation ID: {0,535677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab139.tmp Handle ID: 2580 Operation ID: {0,535674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab139.tmp Handle ID: 3436 Operation ID: {0,535673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab139.tmp Handle ID: 3436 Operation ID: {0,535664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar13A.tmp Handle ID: 3436 Operation ID: {0,535661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab139.tmp Handle ID: 3436 Operation ID: {0,535657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,535624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,535588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,535503} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar138.tmp Handle ID: 3364 Operation ID: {0,535478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab137.tmp Handle ID: 3364 Operation ID: {0,535473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar138.tmp Handle ID: 3364 Operation ID: {0,535466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar138.tmp Handle ID: 3356 Operation ID: {0,535453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab137.tmp Handle ID: 3364 Operation ID: {0,535450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab137.tmp Handle ID: 3348 Operation ID: {0,535449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab137.tmp Handle ID: 3348 Operation ID: {0,535442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar138.tmp Handle ID: 3348 Operation ID: {0,535439} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab137.tmp Handle ID: 3348 Operation ID: {0,535435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar136.tmp Handle ID: 3436 Operation ID: {0,535289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab135.tmp Handle ID: 3436 Operation ID: {0,535280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar136.tmp Handle ID: 3436 Operation ID: {0,535275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar136.tmp Handle ID: 3348 Operation ID: {0,535260} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab135.tmp Handle ID: 3436 Operation ID: {0,535257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab135.tmp Handle ID: 3468 Operation ID: {0,535256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab135.tmp Handle ID: 3468 Operation ID: {0,535249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar136.tmp Handle ID: 3468 Operation ID: {0,535246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab135.tmp Handle ID: 3468 Operation ID: {0,535242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,535209} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,535173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,535132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,535089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar134.tmp Handle ID: 3348 Operation ID: {0,535064} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab133.tmp Handle ID: 3348 Operation ID: {0,535059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar134.tmp Handle ID: 3348 Operation ID: {0,535054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar134.tmp Handle ID: 3356 Operation ID: {0,535041} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab133.tmp Handle ID: 3348 Operation ID: {0,535038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab133.tmp Handle ID: 3480 Operation ID: {0,535037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab133.tmp Handle ID: 3480 Operation ID: {0,535030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar134.tmp Handle ID: 3480 Operation ID: {0,535027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab133.tmp Handle ID: 3480 Operation ID: {0,535023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,534972} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,534911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar132.tmp Handle ID: 3468 Operation ID: {0,534877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab131.tmp Handle ID: 3468 Operation ID: {0,534872} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar132.tmp Handle ID: 3468 Operation ID: {0,534867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar132.tmp Handle ID: 3480 Operation ID: {0,534856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab131.tmp Handle ID: 3468 Operation ID: {0,534853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab131.tmp Handle ID: 2580 Operation ID: {0,534852} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab131.tmp Handle ID: 2580 Operation ID: {0,534845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar132.tmp Handle ID: 2580 Operation ID: {0,534842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab131.tmp Handle ID: 2580 Operation ID: {0,534838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,534805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,534769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,534728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar130.tmp Handle ID: 3480 Operation ID: {0,534696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12F.tmp Handle ID: 3480 Operation ID: {0,534691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar130.tmp Handle ID: 3480 Operation ID: {0,534686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar130.tmp Handle ID: 3356 Operation ID: {0,534673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12F.tmp Handle ID: 3480 Operation ID: {0,534670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12F.tmp Handle ID: 3364 Operation ID: {0,534669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12F.tmp Handle ID: 3364 Operation ID: {0,534660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar130.tmp Handle ID: 3364 Operation ID: {0,534659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12F.tmp Handle ID: 3364 Operation ID: {0,534655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,534604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,534543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12E.tmp Handle ID: 2580 Operation ID: {0,534511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12D.tmp Handle ID: 2580 Operation ID: {0,534506} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12E.tmp Handle ID: 2580 Operation ID: {0,534501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12E.tmp Handle ID: 3364 Operation ID: {0,534488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12D.tmp Handle ID: 2580 Operation ID: {0,534485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12D.tmp Handle ID: 3436 Operation ID: {0,534484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12D.tmp Handle ID: 3436 Operation ID: {0,534477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12E.tmp Handle ID: 3436 Operation ID: {0,534474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12D.tmp Handle ID: 3436 Operation ID: {0,534470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,534437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,534401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,534362} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12C.tmp Handle ID: 3476 Operation ID: {0,533145} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12B.tmp Handle ID: 3476 Operation ID: {0,533140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12C.tmp Handle ID: 3476 Operation ID: {0,533134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12C.tmp Handle ID: 3364 Operation ID: {0,533086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12B.tmp Handle ID: 3476 Operation ID: {0,533084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12B.tmp Handle ID: 3436 Operation ID: {0,533082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12B.tmp Handle ID: 3436 Operation ID: {0,533069} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12C.tmp Handle ID: 3436 Operation ID: {0,533059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab12B.tmp Handle ID: 3436 Operation ID: {0,533057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12A.tmp Handle ID: 3356 Operation ID: {0,532855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab129.tmp Handle ID: 3356 Operation ID: {0,532850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12A.tmp Handle ID: 3356 Operation ID: {0,532845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12A.tmp Handle ID: 3476 Operation ID: {0,532832} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab129.tmp Handle ID: 3356 Operation ID: {0,532829} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab129.tmp Handle ID: 3460 Operation ID: {0,532828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab129.tmp Handle ID: 3460 Operation ID: {0,532821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12A.tmp Handle ID: 3460 Operation ID: {0,532818} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab129.tmp Handle ID: 3460 Operation ID: {0,532814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,532781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,532745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532704} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,532642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar128.tmp Handle ID: 3476 Operation ID: {0,532586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab127.tmp Handle ID: 3476 Operation ID: {0,532581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar128.tmp Handle ID: 3476 Operation ID: {0,532576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar128.tmp Handle ID: 3436 Operation ID: {0,532565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab127.tmp Handle ID: 3476 Operation ID: {0,532562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab127.tmp Handle ID: 3468 Operation ID: {0,532561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab127.tmp Handle ID: 3468 Operation ID: {0,532554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar128.tmp Handle ID: 3468 Operation ID: {0,532551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab127.tmp Handle ID: 3468 Operation ID: {0,532547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532435} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar126.tmp Handle ID: 3460 Operation ID: {0,532405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab125.tmp Handle ID: 3460 Operation ID: {0,532400} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar126.tmp Handle ID: 3460 Operation ID: {0,532395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar126.tmp Handle ID: 3468 Operation ID: {0,532384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab125.tmp Handle ID: 3460 Operation ID: {0,532381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab125.tmp Handle ID: 3484 Operation ID: {0,532380} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab125.tmp Handle ID: 3484 Operation ID: {0,532373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar126.tmp Handle ID: 3484 Operation ID: {0,532370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab125.tmp Handle ID: 3484 Operation ID: {0,532366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,532333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,532297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,532213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar124.tmp Handle ID: 3468 Operation ID: {0,532188} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab123.tmp Handle ID: 3468 Operation ID: {0,532183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar124.tmp Handle ID: 3468 Operation ID: {0,532178} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar124.tmp Handle ID: 3436 Operation ID: {0,532155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab123.tmp Handle ID: 3468 Operation ID: {0,532152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab123.tmp Handle ID: 3364 Operation ID: {0,532151} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab123.tmp Handle ID: 3364 Operation ID: {0,532144} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar124.tmp Handle ID: 3364 Operation ID: {0,532141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab123.tmp Handle ID: 3364 Operation ID: {0,532137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,532025} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar122.tmp Handle ID: 3484 Operation ID: {0,531993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab121.tmp Handle ID: 3484 Operation ID: {0,531990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar122.tmp Handle ID: 3484 Operation ID: {0,531985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3484 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3484 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar122.tmp Handle ID: 3364 Operation ID: {0,531970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab121.tmp Handle ID: 3484 Operation ID: {0,531967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab121.tmp Handle ID: 3356 Operation ID: {0,531966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab121.tmp Handle ID: 3356 Operation ID: {0,531959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar122.tmp Handle ID: 3356 Operation ID: {0,531956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab121.tmp Handle ID: 3356 Operation ID: {0,531952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,531919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,531883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,531842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 5532 Image File Name: C:\WINDOWS\system32\wuauclt.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 5532 Image File Name: C:\WINDOWS\system32\wuauclt.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,531822} Process ID: 5532 Image File Name: C:\WINDOWS\system32\wuauclt.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3436 Operation ID: {0,531747} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar120.tmp Handle ID: 3364 Operation ID: {0,531698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11F.tmp Handle ID: 3364 Operation ID: {0,531695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar120.tmp Handle ID: 3364 Operation ID: {0,531690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar120.tmp Handle ID: 3436 Operation ID: {0,531677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11F.tmp Handle ID: 3364 Operation ID: {0,531674} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11F.tmp Handle ID: 3476 Operation ID: {0,531673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11F.tmp Handle ID: 3476 Operation ID: {0,531664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar120.tmp Handle ID: 3476 Operation ID: {0,531663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11F.tmp Handle ID: 3476 Operation ID: {0,531659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 5532 Image File Name: C:\WINDOWS\system32\wuauclt.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 5532 Image File Name: C:\WINDOWS\system32\wuauclt.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,531605} Process ID: 5532 Image File Name: C:\WINDOWS\system32\wuauclt.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,531596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3440 Operation ID: {0,531454} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11E.tmp Handle ID: 3356 Operation ID: {0,531422} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11D.tmp Handle ID: 3356 Operation ID: {0,531419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11E.tmp Handle ID: 3356 Operation ID: {0,531416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11E.tmp Handle ID: 3476 Operation ID: {0,531403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11D.tmp Handle ID: 3356 Operation ID: {0,531402} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11D.tmp Handle ID: 3460 Operation ID: {0,531401} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11D.tmp Handle ID: 3460 Operation ID: {0,531392} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11E.tmp Handle ID: 3460 Operation ID: {0,531387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11D.tmp Handle ID: 3460 Operation ID: {0,531383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,531323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,531249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3440 Operation ID: {0,531194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11C.tmp Handle ID: 3476 Operation ID: {0,531082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11B.tmp Handle ID: 3476 Operation ID: {0,531077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11C.tmp Handle ID: 3476 Operation ID: {0,531072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11C.tmp Handle ID: 3436 Operation ID: {0,531057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11B.tmp Handle ID: 3476 Operation ID: {0,531054} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11B.tmp Handle ID: 3468 Operation ID: {0,531053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11B.tmp Handle ID: 3468 Operation ID: {0,531044} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11C.tmp Handle ID: 3468 Operation ID: {0,531039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11B.tmp Handle ID: 3468 Operation ID: {0,531035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3100 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3100 Operation ID: {0,530984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3100 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3100 Operation ID: {0,530898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11A.tmp Handle ID: 3460 Operation ID: {0,530848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab119.tmp Handle ID: 3460 Operation ID: {0,530843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11A.tmp Handle ID: 3460 Operation ID: {0,530838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3460 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11A.tmp Handle ID: 3468 Operation ID: {0,530825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab119.tmp Handle ID: 3460 Operation ID: {0,530824} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab119.tmp Handle ID: 2576 Operation ID: {0,530823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab119.tmp Handle ID: 2576 Operation ID: {0,530814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar11A.tmp Handle ID: 2576 Operation ID: {0,530811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab119.tmp Handle ID: 2576 Operation ID: {0,530805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,530770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,530732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4676 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4676 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4676 Operation ID: {0,530653} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,529323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3488 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3488 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar118.tmp Handle ID: 3488 Operation ID: {0,528774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3488 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3488 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab117.tmp Handle ID: 3488 Operation ID: {0,528769} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3488 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar118.tmp Handle ID: 3488 Operation ID: {0,528764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3488 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar118.tmp Handle ID: 3468 Operation ID: {0,528749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab117.tmp Handle ID: 3488 Operation ID: {0,528746} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab117.tmp Handle ID: 3492 Operation ID: {0,528745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab117.tmp Handle ID: 3492 Operation ID: {0,528738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar118.tmp Handle ID: 3492 Operation ID: {0,528735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab117.tmp Handle ID: 3492 Operation ID: {0,528731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,528680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,528619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar116.tmp Handle ID: 3364 Operation ID: {0,528587} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab115.tmp Handle ID: 3364 Operation ID: {0,528582} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar116.tmp Handle ID: 3364 Operation ID: {0,528577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar116.tmp Handle ID: 3492 Operation ID: {0,528565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab115.tmp Handle ID: 3364 Operation ID: {0,528562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab115.tmp Handle ID: 3472 Operation ID: {0,528561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab115.tmp Handle ID: 3472 Operation ID: {0,528554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar116.tmp Handle ID: 3472 Operation ID: {0,528551} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab115.tmp Handle ID: 3472 Operation ID: {0,528547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3492 Operation ID: {0,528514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3492 Operation ID: {0,528478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,528437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,528394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar114.tmp Handle ID: 3492 Operation ID: {0,528369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab113.tmp Handle ID: 3492 Operation ID: {0,528364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar114.tmp Handle ID: 3492 Operation ID: {0,528359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3448 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar114.tmp Handle ID: 3468 Operation ID: {0,528346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3448 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab113.tmp Handle ID: 3492 Operation ID: {0,528343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab113.tmp Handle ID: 3448 Operation ID: {0,528342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3448 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3448 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab113.tmp Handle ID: 3448 Operation ID: {0,528335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3448 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar114.tmp Handle ID: 3448 Operation ID: {0,528332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3448 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab113.tmp Handle ID: 3448 Operation ID: {0,528328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,528277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,528137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar112.tmp Handle ID: 3376 Operation ID: {0,528105} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab111.tmp Handle ID: 3376 Operation ID: {0,528100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar112.tmp Handle ID: 3376 Operation ID: {0,528095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar112.tmp Handle ID: 3356 Operation ID: {0,528084} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab111.tmp Handle ID: 3376 Operation ID: {0,528081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab111.tmp Handle ID: 3352 Operation ID: {0,528080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab111.tmp Handle ID: 3352 Operation ID: {0,528073} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar112.tmp Handle ID: 3352 Operation ID: {0,528070} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab111.tmp Handle ID: 3352 Operation ID: {0,528066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,528033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,527997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,527956} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,527906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar110.tmp Handle ID: 3480 Operation ID: {0,527879} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10F.tmp Handle ID: 3480 Operation ID: {0,527874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar110.tmp Handle ID: 3480 Operation ID: {0,527869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar110.tmp Handle ID: 3476 Operation ID: {0,527858} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10F.tmp Handle ID: 3480 Operation ID: {0,527855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10F.tmp Handle ID: 3356 Operation ID: {0,527854} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10F.tmp Handle ID: 3356 Operation ID: {0,527847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar110.tmp Handle ID: 3356 Operation ID: {0,527844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10F.tmp Handle ID: 3356 Operation ID: {0,527840} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,527789} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,527728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10E.tmp Handle ID: 3352 Operation ID: {0,527695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10D.tmp Handle ID: 3352 Operation ID: {0,527690} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10E.tmp Handle ID: 3352 Operation ID: {0,527683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10E.tmp Handle ID: 3356 Operation ID: {0,527670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10D.tmp Handle ID: 3352 Operation ID: {0,527667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10D.tmp Handle ID: 2596 Operation ID: {0,527666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10D.tmp Handle ID: 2596 Operation ID: {0,527659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10E.tmp Handle ID: 2596 Operation ID: {0,527656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10D.tmp Handle ID: 2596 Operation ID: {0,527652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,527619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,527583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,527540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,527497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10C.tmp Handle ID: 3356 Operation ID: {0,527472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10B.tmp Handle ID: 3356 Operation ID: {0,527467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10C.tmp Handle ID: 3356 Operation ID: {0,527464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10C.tmp Handle ID: 3476 Operation ID: {0,527451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10B.tmp Handle ID: 3356 Operation ID: {0,527448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10B.tmp Handle ID: 3320 Operation ID: {0,527447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10B.tmp Handle ID: 3320 Operation ID: {0,527440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10C.tmp Handle ID: 3320 Operation ID: {0,527437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab10B.tmp Handle ID: 3320 Operation ID: {0,527433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,527382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3468 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3468 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3468 Operation ID: {0,527321} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10A.tmp Handle ID: 2596 Operation ID: {0,527289} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab109.tmp Handle ID: 2596 Operation ID: {0,527284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10A.tmp Handle ID: 2596 Operation ID: {0,527279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10A.tmp Handle ID: 3320 Operation ID: {0,527268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab109.tmp Handle ID: 2596 Operation ID: {0,527265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab109.tmp Handle ID: 3376 Operation ID: {0,527264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab109.tmp Handle ID: 3376 Operation ID: {0,527255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10A.tmp Handle ID: 3376 Operation ID: {0,527254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab109.tmp Handle ID: 3376 Operation ID: {0,527252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,527219} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,527183} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3444 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3444 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3444 Operation ID: {0,527141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar108.tmp Handle ID: 2596 Operation ID: {0,527108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab107.tmp Handle ID: 2596 Operation ID: {0,527103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar108.tmp Handle ID: 2596 Operation ID: {0,527096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar108.tmp Handle ID: 3348 Operation ID: {0,527083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab107.tmp Handle ID: 2596 Operation ID: {0,527080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab107.tmp Handle ID: 3476 Operation ID: {0,527079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab107.tmp Handle ID: 3476 Operation ID: {0,527072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar108.tmp Handle ID: 3476 Operation ID: {0,527069} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab107.tmp Handle ID: 3476 Operation ID: {0,527065} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,527014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,526953} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar106.tmp Handle ID: 3320 Operation ID: {0,526917} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab105.tmp Handle ID: 3320 Operation ID: {0,526910} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar106.tmp Handle ID: 3320 Operation ID: {0,526905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar106.tmp Handle ID: 3476 Operation ID: {0,526894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab105.tmp Handle ID: 3320 Operation ID: {0,526891} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab105.tmp Handle ID: 3356 Operation ID: {0,526890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab105.tmp Handle ID: 3356 Operation ID: {0,526881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar106.tmp Handle ID: 3356 Operation ID: {0,526880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab105.tmp Handle ID: 3356 Operation ID: {0,526876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,526843} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,526807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,526768} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar104.tmp Handle ID: 3420 Operation ID: {0,526696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab103.tmp Handle ID: 3420 Operation ID: {0,526693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar104.tmp Handle ID: 3420 Operation ID: {0,526686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar104.tmp Handle ID: 3476 Operation ID: {0,526673} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab103.tmp Handle ID: 3420 Operation ID: {0,526670} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab103.tmp Handle ID: 3356 Operation ID: {0,526669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab103.tmp Handle ID: 3356 Operation ID: {0,526662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar104.tmp Handle ID: 3356 Operation ID: {0,526659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab103.tmp Handle ID: 3356 Operation ID: {0,526655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,526604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,526543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar102.tmp Handle ID: 3348 Operation ID: {0,526511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab101.tmp Handle ID: 3348 Operation ID: {0,526510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar102.tmp Handle ID: 3348 Operation ID: {0,526507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar102.tmp Handle ID: 3356 Operation ID: {0,526496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab101.tmp Handle ID: 3348 Operation ID: {0,526493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab101.tmp Handle ID: 3364 Operation ID: {0,526492} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab101.tmp Handle ID: 3364 Operation ID: {0,526485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar102.tmp Handle ID: 3364 Operation ID: {0,526482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab101.tmp Handle ID: 3364 Operation ID: {0,526478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,526445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,526409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,526368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,526325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar100.tmp Handle ID: 3356 Operation ID: {0,526300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFF.tmp Handle ID: 3356 Operation ID: {0,526295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar100.tmp Handle ID: 3356 Operation ID: {0,526290} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar100.tmp Handle ID: 3476 Operation ID: {0,526277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFF.tmp Handle ID: 3356 Operation ID: {0,526274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFF.tmp Handle ID: 3480 Operation ID: {0,526273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFF.tmp Handle ID: 3480 Operation ID: {0,526266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar100.tmp Handle ID: 3480 Operation ID: {0,526263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFF.tmp Handle ID: 3480 Operation ID: {0,526259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,526208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,526147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFE.tmp Handle ID: 3364 Operation ID: {0,526114} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFD.tmp Handle ID: 3364 Operation ID: {0,526109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFE.tmp Handle ID: 3364 Operation ID: {0,526104} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFE.tmp Handle ID: 3480 Operation ID: {0,526093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFD.tmp Handle ID: 3364 Operation ID: {0,526090} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFD.tmp Handle ID: 3352 Operation ID: {0,526089} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFD.tmp Handle ID: 3352 Operation ID: {0,526082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFE.tmp Handle ID: 3352 Operation ID: {0,526077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFD.tmp Handle ID: 3352 Operation ID: {0,526075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,526042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,526006} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,525921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFC.tmp Handle ID: 3480 Operation ID: {0,525898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFB.tmp Handle ID: 3480 Operation ID: {0,525893} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFC.tmp Handle ID: 3480 Operation ID: {0,525888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFC.tmp Handle ID: 3476 Operation ID: {0,525877} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFB.tmp Handle ID: 3480 Operation ID: {0,525876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFB.tmp Handle ID: 3420 Operation ID: {0,525875} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFB.tmp Handle ID: 3420 Operation ID: {0,525868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFC.tmp Handle ID: 3420 Operation ID: {0,525865} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabFB.tmp Handle ID: 3420 Operation ID: {0,525861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFA.tmp Handle ID: 3352 Operation ID: {0,525717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF9.tmp Handle ID: 3352 Operation ID: {0,525712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFA.tmp Handle ID: 3352 Operation ID: {0,525707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFA.tmp Handle ID: 3420 Operation ID: {0,525696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF9.tmp Handle ID: 3352 Operation ID: {0,525693} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF9.tmp Handle ID: 3348 Operation ID: {0,525692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF9.tmp Handle ID: 3348 Operation ID: {0,525685} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarFA.tmp Handle ID: 3348 Operation ID: {0,525682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF9.tmp Handle ID: 3348 Operation ID: {0,525678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,525645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,525609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525568} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3476 Operation ID: {0,525524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF8.tmp Handle ID: 3348 Operation ID: {0,525499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF7.tmp Handle ID: 3348 Operation ID: {0,525494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF8.tmp Handle ID: 3348 Operation ID: {0,525491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF8.tmp Handle ID: 3476 Operation ID: {0,525478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF7.tmp Handle ID: 3348 Operation ID: {0,525475} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF7.tmp Handle ID: 3352 Operation ID: {0,525474} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF7.tmp Handle ID: 3352 Operation ID: {0,525465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF8.tmp Handle ID: 3352 Operation ID: {0,525464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF7.tmp Handle ID: 3352 Operation ID: {0,525460} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525346} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF6.tmp Handle ID: 3420 Operation ID: {0,525314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF5.tmp Handle ID: 3420 Operation ID: {0,525309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF6.tmp Handle ID: 3420 Operation ID: {0,525306} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF6.tmp Handle ID: 3352 Operation ID: {0,525295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF5.tmp Handle ID: 3420 Operation ID: {0,525292} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF5.tmp Handle ID: 3364 Operation ID: {0,525291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF5.tmp Handle ID: 3364 Operation ID: {0,525284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF6.tmp Handle ID: 3364 Operation ID: {0,525281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF5.tmp Handle ID: 3364 Operation ID: {0,525277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,525244} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,525208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF4.tmp Handle ID: 3352 Operation ID: {0,525133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF3.tmp Handle ID: 3352 Operation ID: {0,525126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF4.tmp Handle ID: 3352 Operation ID: {0,525121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF4.tmp Handle ID: 3476 Operation ID: {0,525106} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF3.tmp Handle ID: 3352 Operation ID: {0,525103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF3.tmp Handle ID: 3480 Operation ID: {0,525102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF3.tmp Handle ID: 3480 Operation ID: {0,525095} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF4.tmp Handle ID: 3480 Operation ID: {0,525092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF3.tmp Handle ID: 3480 Operation ID: {0,525088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,525037} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,524936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF2.tmp Handle ID: 3476 Operation ID: {0,524777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF1.tmp Handle ID: 3476 Operation ID: {0,524770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF2.tmp Handle ID: 3476 Operation ID: {0,524767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3476 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3476 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF2.tmp Handle ID: 3480 Operation ID: {0,524754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF1.tmp Handle ID: 3476 Operation ID: {0,524751} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF1.tmp Handle ID: 3356 Operation ID: {0,524750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF1.tmp Handle ID: 3356 Operation ID: {0,524743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF2.tmp Handle ID: 3356 Operation ID: {0,524740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF1.tmp Handle ID: 3356 Operation ID: {0,524736} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,524701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,524665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3480 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3480 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3480 Operation ID: {0,524626} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF0.tmp Handle ID: 3312 Operation ID: {0,520924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEF.tmp Handle ID: 3312 Operation ID: {0,520919} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF0.tmp Handle ID: 3312 Operation ID: {0,520914} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF0.tmp Handle ID: 3364 Operation ID: {0,520901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEF.tmp Handle ID: 3312 Operation ID: {0,520898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEF.tmp Handle ID: 3352 Operation ID: {0,520897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEF.tmp Handle ID: 3352 Operation ID: {0,520890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarF0.tmp Handle ID: 3352 Operation ID: {0,520887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEF.tmp Handle ID: 3352 Operation ID: {0,520883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,520828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,520766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEE.tmp Handle ID: 2596 Operation ID: {0,520734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabED.tmp Handle ID: 2596 Operation ID: {0,520729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEE.tmp Handle ID: 2596 Operation ID: {0,520724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEE.tmp Handle ID: 3352 Operation ID: {0,520709} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabED.tmp Handle ID: 2596 Operation ID: {0,520706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabED.tmp Handle ID: 3436 Operation ID: {0,520705} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabED.tmp Handle ID: 3436 Operation ID: {0,520698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEE.tmp Handle ID: 3436 Operation ID: {0,520695} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabED.tmp Handle ID: 3436 Operation ID: {0,520691} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,520658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,520621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,520580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,520507} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEC.tmp Handle ID: 3352 Operation ID: {0,520472} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEB.tmp Handle ID: 3352 Operation ID: {0,520467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEC.tmp Handle ID: 3352 Operation ID: {0,520462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEC.tmp Handle ID: 3364 Operation ID: {0,520451} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEB.tmp Handle ID: 3352 Operation ID: {0,520448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEB.tmp Handle ID: 3348 Operation ID: {0,520447} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEB.tmp Handle ID: 3348 Operation ID: {0,520440} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEC.tmp Handle ID: 3348 Operation ID: {0,520437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabEB.tmp Handle ID: 3348 Operation ID: {0,520433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,520377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,520307} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEA.tmp Handle ID: 3436 Operation ID: {0,520262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE9.tmp Handle ID: 3436 Operation ID: {0,520257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEA.tmp Handle ID: 3436 Operation ID: {0,520254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEA.tmp Handle ID: 3348 Operation ID: {0,520243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE9.tmp Handle ID: 3436 Operation ID: {0,520242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE9.tmp Handle ID: 3356 Operation ID: {0,520241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE9.tmp Handle ID: 3356 Operation ID: {0,520234} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarEA.tmp Handle ID: 3356 Operation ID: {0,520231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE9.tmp Handle ID: 3356 Operation ID: {0,520227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,520172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,520122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,520068} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,520020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE8.tmp Handle ID: 3356 Operation ID: {0,519995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE7.tmp Handle ID: 3356 Operation ID: {0,519990} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE8.tmp Handle ID: 3356 Operation ID: {0,519985} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE8.tmp Handle ID: 3364 Operation ID: {0,519976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE7.tmp Handle ID: 3356 Operation ID: {0,519975} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE7.tmp Handle ID: 3312 Operation ID: {0,519974} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE7.tmp Handle ID: 3312 Operation ID: {0,519967} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE8.tmp Handle ID: 3312 Operation ID: {0,519964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE7.tmp Handle ID: 3312 Operation ID: {0,519960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,519909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,519833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE6.tmp Handle ID: 3436 Operation ID: {0,519786} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE5.tmp Handle ID: 3436 Operation ID: {0,519781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE6.tmp Handle ID: 3436 Operation ID: {0,519776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3436 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3436 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE6.tmp Handle ID: 3312 Operation ID: {0,519765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE5.tmp Handle ID: 3436 Operation ID: {0,519762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE5.tmp Handle ID: 2596 Operation ID: {0,519761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE5.tmp Handle ID: 2596 Operation ID: {0,519750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE6.tmp Handle ID: 2596 Operation ID: {0,519749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE5.tmp Handle ID: 2596 Operation ID: {0,519745} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,519712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,519676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,519632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,519588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE4.tmp Handle ID: 3312 Operation ID: {0,519553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE3.tmp Handle ID: 3312 Operation ID: {0,519548} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE4.tmp Handle ID: 3312 Operation ID: {0,519541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE4.tmp Handle ID: 3364 Operation ID: {0,519488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE3.tmp Handle ID: 3312 Operation ID: {0,519483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE3.tmp Handle ID: 3352 Operation ID: {0,519482} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE3.tmp Handle ID: 3352 Operation ID: {0,519470} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE4.tmp Handle ID: 3352 Operation ID: {0,519466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE3.tmp Handle ID: 3352 Operation ID: {0,519459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,519386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3472 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3472 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3472 Operation ID: {0,519287} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE2.tmp Handle ID: 2596 Operation ID: {0,519254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE1.tmp Handle ID: 2596 Operation ID: {0,519247} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE2.tmp Handle ID: 2596 Operation ID: {0,519242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE2.tmp Handle ID: 3312 Operation ID: {0,519141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE1.tmp Handle ID: 2596 Operation ID: {0,519132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE1.tmp Handle ID: 3348 Operation ID: {0,519127} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE1.tmp Handle ID: 3348 Operation ID: {0,519093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE2.tmp Handle ID: 3348 Operation ID: {0,519082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabE1.tmp Handle ID: 3348 Operation ID: {0,519080} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,519036} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,519000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,518870} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE0.tmp Handle ID: 3312 Operation ID: {0,518838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDF.tmp Handle ID: 3312 Operation ID: {0,518835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE0.tmp Handle ID: 3312 Operation ID: {0,518828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE0.tmp Handle ID: 3352 Operation ID: {0,518817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDF.tmp Handle ID: 3312 Operation ID: {0,518814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDF.tmp Handle ID: 3356 Operation ID: {0,518813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDF.tmp Handle ID: 3356 Operation ID: {0,518805} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE0.tmp Handle ID: 3356 Operation ID: {0,518803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDF.tmp Handle ID: 3356 Operation ID: {0,518799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3404 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3404 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3404 Operation ID: {0,518739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3440 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3440 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3440 Operation ID: {0,518678} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDE.tmp Handle ID: 3200 Operation ID: {0,518618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDD.tmp Handle ID: 3200 Operation ID: {0,518611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDE.tmp Handle ID: 3200 Operation ID: {0,518608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDE.tmp Handle ID: 3356 Operation ID: {0,518595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDD.tmp Handle ID: 3200 Operation ID: {0,518592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDD.tmp Handle ID: 3384 Operation ID: {0,518591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDD.tmp Handle ID: 3384 Operation ID: {0,518584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDE.tmp Handle ID: 3384 Operation ID: {0,518581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDD.tmp Handle ID: 3384 Operation ID: {0,518577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,518544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,518508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:48:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,518469} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 5676 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 5676 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 5676 Operation ID: {0,515168} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 5676 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 5676 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 5676 Operation ID: {0,515081} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1624 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1624 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1624 Operation ID: {0,511902} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 308 Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 308 Object Type: Key Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 308 Operation ID: {0,511782} Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 180 Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: Key Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 180 Operation ID: {0,511717} Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 64 Operation ID: {0,511471} Process ID: 5280 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1596 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1596 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1596 Operation ID: {0,511282} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1564 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1564 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1564 Operation ID: {0,511233} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1540 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1540 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1540 Operation ID: {0,511132} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1544 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1544 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1544 Operation ID: {0,511060} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1296 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510888} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510881} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510878} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510875} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510870} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510865} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510858} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510855} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510852} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510845} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510842} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510837} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510832} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1444 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1444 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1444 Operation ID: {0,510829} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1296 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1296 Object Type: File Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:48:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 1296 Operation ID: {0,510824} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 828 Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe " 4/17/2020 11:47:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 828 Object Type: Key Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 828 Object Type: Key Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management Handle ID: 828 Operation ID: {0,501168} Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:56 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 740 Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe " 4/17/2020 11:47:56 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 740 Object Type: Key Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:56 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 740 Operation ID: {0,500594} Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDC.tmp Handle ID: 3416 Operation ID: {0,488742} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDB.tmp Handle ID: 3416 Operation ID: {0,488739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDC.tmp Handle ID: 3416 Operation ID: {0,488734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDC.tmp Handle ID: 3380 Operation ID: {0,488722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDB.tmp Handle ID: 3416 Operation ID: {0,488721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDB.tmp Handle ID: 3384 Operation ID: {0,488720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDB.tmp Handle ID: 3384 Operation ID: {0,488708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDC.tmp Handle ID: 3384 Operation ID: {0,488707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabDB.tmp Handle ID: 3384 Operation ID: {0,488703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,488646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,488576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDA.tmp Handle ID: 3412 Operation ID: {0,488541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD9.tmp Handle ID: 3412 Operation ID: {0,488536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDA.tmp Handle ID: 3412 Operation ID: {0,488533} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDA.tmp Handle ID: 3384 Operation ID: {0,488522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD9.tmp Handle ID: 3412 Operation ID: {0,488521} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD9.tmp Handle ID: 3348 Operation ID: {0,488520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD9.tmp Handle ID: 3348 Operation ID: {0,488509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarDA.tmp Handle ID: 3348 Operation ID: {0,488508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD9.tmp Handle ID: 3348 Operation ID: {0,488504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,488452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,488353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,488240} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3380 Operation ID: {0,488186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD8.tmp Handle ID: 3348 Operation ID: {0,488157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD7.tmp Handle ID: 3348 Operation ID: {0,488152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD8.tmp Handle ID: 3348 Operation ID: {0,488147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD8.tmp Handle ID: 3380 Operation ID: {0,488133} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD7.tmp Handle ID: 3348 Operation ID: {0,488132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD7.tmp Handle ID: 3312 Operation ID: {0,488131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD7.tmp Handle ID: 3312 Operation ID: {0,488122} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD8.tmp Handle ID: 3312 Operation ID: {0,488119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD7.tmp Handle ID: 3312 Operation ID: {0,488115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,488062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,488001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD6.tmp Handle ID: 3412 Operation ID: {0,487965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD5.tmp Handle ID: 3412 Operation ID: {0,487960} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD6.tmp Handle ID: 3412 Operation ID: {0,487957} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD6.tmp Handle ID: 3312 Operation ID: {0,487944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD5.tmp Handle ID: 3412 Operation ID: {0,487941} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD5.tmp Handle ID: 3352 Operation ID: {0,487940} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD5.tmp Handle ID: 3352 Operation ID: {0,487929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD6.tmp Handle ID: 3352 Operation ID: {0,487924} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD5.tmp Handle ID: 3352 Operation ID: {0,487922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,487886} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,487848} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,487807} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3380 Operation ID: {0,487625} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD4.tmp Handle ID: 3416 Operation ID: {0,487594} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD3.tmp Handle ID: 3416 Operation ID: {0,487589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD4.tmp Handle ID: 3416 Operation ID: {0,487584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD4.tmp Handle ID: 3380 Operation ID: {0,487569} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD3.tmp Handle ID: 3416 Operation ID: {0,487566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD3.tmp Handle ID: 3312 Operation ID: {0,487565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD3.tmp Handle ID: 3312 Operation ID: {0,487556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD4.tmp Handle ID: 3312 Operation ID: {0,487553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD3.tmp Handle ID: 3312 Operation ID: {0,487549} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,487493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,487428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD2.tmp Handle ID: 3384 Operation ID: {0,487390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD1.tmp Handle ID: 3384 Operation ID: {0,487385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD2.tmp Handle ID: 3384 Operation ID: {0,487382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD2.tmp Handle ID: 3312 Operation ID: {0,487369} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD1.tmp Handle ID: 3384 Operation ID: {0,487367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD1.tmp Handle ID: 3352 Operation ID: {0,487366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD1.tmp Handle ID: 3352 Operation ID: {0,487355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD2.tmp Handle ID: 3352 Operation ID: {0,487351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD1.tmp Handle ID: 3352 Operation ID: {0,487347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,487308} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,487270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,487224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3380 Operation ID: {0,486834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD0.tmp Handle ID: 3312 Operation ID: {0,486802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCF.tmp Handle ID: 3312 Operation ID: {0,486799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD0.tmp Handle ID: 3312 Operation ID: {0,486794} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD0.tmp Handle ID: 3380 Operation ID: {0,486778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCF.tmp Handle ID: 3312 Operation ID: {0,486775} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCF.tmp Handle ID: 3348 Operation ID: {0,486774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCF.tmp Handle ID: 3348 Operation ID: {0,486762} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarD0.tmp Handle ID: 3348 Operation ID: {0,486761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCF.tmp Handle ID: 3348 Operation ID: {0,486753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,486692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,486599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCE.tmp Handle ID: 3352 Operation ID: {0,486557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCD.tmp Handle ID: 3352 Operation ID: {0,486550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCE.tmp Handle ID: 3352 Operation ID: {0,486544} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCE.tmp Handle ID: 3348 Operation ID: {0,486526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCD.tmp Handle ID: 3352 Operation ID: {0,486523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCD.tmp Handle ID: 3420 Operation ID: {0,486522} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCD.tmp Handle ID: 3420 Operation ID: {0,486515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCE.tmp Handle ID: 3420 Operation ID: {0,486509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCD.tmp Handle ID: 3420 Operation ID: {0,486505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,486464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,486421} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,486377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCC.tmp Handle ID: 3420 Operation ID: {0,486339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCB.tmp Handle ID: 3420 Operation ID: {0,486336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCC.tmp Handle ID: 3420 Operation ID: {0,486331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCC.tmp Handle ID: 3380 Operation ID: {0,486314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCB.tmp Handle ID: 3420 Operation ID: {0,486313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCB.tmp Handle ID: 3352 Operation ID: {0,486312} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCB.tmp Handle ID: 3352 Operation ID: {0,486303} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCC.tmp Handle ID: 3352 Operation ID: {0,486297} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabCB.tmp Handle ID: 3352 Operation ID: {0,486293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,486172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,486098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCA.tmp Handle ID: 3348 Operation ID: {0,486061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC9.tmp Handle ID: 3348 Operation ID: {0,486056} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCA.tmp Handle ID: 3348 Operation ID: {0,486051} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCA.tmp Handle ID: 3352 Operation ID: {0,486038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC9.tmp Handle ID: 3348 Operation ID: {0,486035} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC9.tmp Handle ID: 3384 Operation ID: {0,486034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC9.tmp Handle ID: 3384 Operation ID: {0,486023} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarCA.tmp Handle ID: 3384 Operation ID: {0,486020} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC9.tmp Handle ID: 3384 Operation ID: {0,486016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,485981} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,485944} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,485905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC8.tmp Handle ID: 3400 Operation ID: {0,485706} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC7.tmp Handle ID: 3400 Operation ID: {0,485701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC8.tmp Handle ID: 3400 Operation ID: {0,485696} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC8.tmp Handle ID: 3388 Operation ID: {0,485681} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC7.tmp Handle ID: 3400 Operation ID: {0,485677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC7.tmp Handle ID: 3420 Operation ID: {0,485676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC7.tmp Handle ID: 3420 Operation ID: {0,485667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC8.tmp Handle ID: 3420 Operation ID: {0,485666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC7.tmp Handle ID: 3420 Operation ID: {0,485662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,485609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,485541} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC6.tmp Handle ID: 3412 Operation ID: {0,485504} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC5.tmp Handle ID: 3412 Operation ID: {0,485496} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC6.tmp Handle ID: 3412 Operation ID: {0,485491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC6.tmp Handle ID: 3420 Operation ID: {0,485481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC5.tmp Handle ID: 3412 Operation ID: {0,485479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC5.tmp Handle ID: 3380 Operation ID: {0,485478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC5.tmp Handle ID: 3380 Operation ID: {0,485467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC6.tmp Handle ID: 3380 Operation ID: {0,485466} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC5.tmp Handle ID: 3380 Operation ID: {0,485462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,485427} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,485389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,485348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,485304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC4.tmp Handle ID: 3420 Operation ID: {0,485279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC3.tmp Handle ID: 3420 Operation ID: {0,485272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC4.tmp Handle ID: 3420 Operation ID: {0,485269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC4.tmp Handle ID: 3388 Operation ID: {0,485257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC3.tmp Handle ID: 3420 Operation ID: {0,485254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC3.tmp Handle ID: 3312 Operation ID: {0,485253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC3.tmp Handle ID: 3312 Operation ID: {0,485246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC4.tmp Handle ID: 3312 Operation ID: {0,485243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC3.tmp Handle ID: 3312 Operation ID: {0,485239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,485186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,485118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC2.tmp Handle ID: 3380 Operation ID: {0,485063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC1.tmp Handle ID: 3380 Operation ID: {0,485058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC2.tmp Handle ID: 3380 Operation ID: {0,485053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC2.tmp Handle ID: 3312 Operation ID: {0,485042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC1.tmp Handle ID: 3380 Operation ID: {0,485039} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC1.tmp Handle ID: 3384 Operation ID: {0,485038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC1.tmp Handle ID: 3384 Operation ID: {0,485028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC2.tmp Handle ID: 3384 Operation ID: {0,485022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabC1.tmp Handle ID: 3384 Operation ID: {0,485018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,484979} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3312 Operation ID: {0,484937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,484890} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,484841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC0.tmp Handle ID: 3384 Operation ID: {0,484816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBF.tmp Handle ID: 3384 Operation ID: {0,484814} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC0.tmp Handle ID: 3384 Operation ID: {0,484810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC0.tmp Handle ID: 3388 Operation ID: {0,484801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBF.tmp Handle ID: 3384 Operation ID: {0,484798} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBF.tmp Handle ID: 3400 Operation ID: {0,484797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBF.tmp Handle ID: 3400 Operation ID: {0,484790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC0.tmp Handle ID: 3400 Operation ID: {0,484787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBF.tmp Handle ID: 3400 Operation ID: {0,484783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,484731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,484662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBE.tmp Handle ID: 3380 Operation ID: {0,484607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBD.tmp Handle ID: 3380 Operation ID: {0,484600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBE.tmp Handle ID: 3380 Operation ID: {0,484597} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBE.tmp Handle ID: 3400 Operation ID: {0,484579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBD.tmp Handle ID: 3380 Operation ID: {0,484576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBD.tmp Handle ID: 3412 Operation ID: {0,484575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBD.tmp Handle ID: 3412 Operation ID: {0,484565} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBE.tmp Handle ID: 3412 Operation ID: {0,484561} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBD.tmp Handle ID: 3412 Operation ID: {0,484557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,484520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,484480} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:43 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:43 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,484437} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,484341} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBC.tmp Handle ID: 3380 Operation ID: {0,484314} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBB.tmp Handle ID: 3380 Operation ID: {0,484309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBC.tmp Handle ID: 3380 Operation ID: {0,484301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3380 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3380 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBC.tmp Handle ID: 3388 Operation ID: {0,484283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBB.tmp Handle ID: 3380 Operation ID: {0,484280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBB.tmp Handle ID: 3420 Operation ID: {0,484279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBB.tmp Handle ID: 3420 Operation ID: {0,484266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBC.tmp Handle ID: 3420 Operation ID: {0,484265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabBB.tmp Handle ID: 3420 Operation ID: {0,484261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,484202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,484121} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBA.tmp Handle ID: 3412 Operation ID: {0,484072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB9.tmp Handle ID: 3412 Operation ID: {0,484067} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBA.tmp Handle ID: 3412 Operation ID: {0,484063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3412 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3412 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBA.tmp Handle ID: 3420 Operation ID: {0,484047} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB9.tmp Handle ID: 3412 Operation ID: {0,484046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB9.tmp Handle ID: 3312 Operation ID: {0,484045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB9.tmp Handle ID: 3312 Operation ID: {0,484034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarBA.tmp Handle ID: 3312 Operation ID: {0,484031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB9.tmp Handle ID: 3312 Operation ID: {0,484027} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,483993} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,483955} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,483912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB8.tmp Handle ID: 3420 Operation ID: {0,483867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB7.tmp Handle ID: 3420 Operation ID: {0,483861} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB8.tmp Handle ID: 3420 Operation ID: {0,483856} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB8.tmp Handle ID: 3388 Operation ID: {0,483835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB7.tmp Handle ID: 3420 Operation ID: {0,483834} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB7.tmp Handle ID: 3384 Operation ID: {0,483833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB7.tmp Handle ID: 3384 Operation ID: {0,483821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB8.tmp Handle ID: 3384 Operation ID: {0,483817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB7.tmp Handle ID: 3384 Operation ID: {0,483813} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,483758} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,483684} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB6.tmp Handle ID: 3312 Operation ID: {0,483640} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB5.tmp Handle ID: 3312 Operation ID: {0,483637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB6.tmp Handle ID: 3312 Operation ID: {0,483632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3312 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3312 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB6.tmp Handle ID: 3384 Operation ID: {0,483618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB5.tmp Handle ID: 3312 Operation ID: {0,483615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB5.tmp Handle ID: 3400 Operation ID: {0,483614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB5.tmp Handle ID: 3400 Operation ID: {0,483603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB6.tmp Handle ID: 3400 Operation ID: {0,483600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB5.tmp Handle ID: 3400 Operation ID: {0,483596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,483563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,483525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,483485} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB4.tmp Handle ID: 3356 Operation ID: {0,483361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB3.tmp Handle ID: 3356 Operation ID: {0,483356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB4.tmp Handle ID: 3356 Operation ID: {0,483351} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB4.tmp Handle ID: 3384 Operation ID: {0,483338} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB3.tmp Handle ID: 3356 Operation ID: {0,483337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB3.tmp Handle ID: 3400 Operation ID: {0,483336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB3.tmp Handle ID: 3400 Operation ID: {0,483325} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB4.tmp Handle ID: 3400 Operation ID: {0,483320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB3.tmp Handle ID: 3400 Operation ID: {0,483318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,483262} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,483197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB2.tmp Handle ID: 3388 Operation ID: {0,483162} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB1.tmp Handle ID: 3388 Operation ID: {0,483157} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB2.tmp Handle ID: 3388 Operation ID: {0,483154} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB2.tmp Handle ID: 3400 Operation ID: {0,483119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB1.tmp Handle ID: 3388 Operation ID: {0,483116} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB1.tmp Handle ID: 3352 Operation ID: {0,483115} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB1.tmp Handle ID: 3388 Operation ID: {0,483103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB2.tmp Handle ID: 3388 Operation ID: {0,483102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB1.tmp Handle ID: 3388 Operation ID: {0,483100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,482969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,482889} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,482820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,482079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB0.tmp Handle ID: 3388 Operation ID: {0,482034} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAF.tmp Handle ID: 3388 Operation ID: {0,482031} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB0.tmp Handle ID: 3388 Operation ID: {0,482026} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB0.tmp Handle ID: 3240 Operation ID: {0,482011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAF.tmp Handle ID: 3388 Operation ID: {0,482008} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAF.tmp Handle ID: 3360 Operation ID: {0,482007} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAF.tmp Handle ID: 3360 Operation ID: {0,481996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarB0.tmp Handle ID: 3360 Operation ID: {0,481995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAF.tmp Handle ID: 3360 Operation ID: {0,481991} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,481938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,481869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAE.tmp Handle ID: 3352 Operation ID: {0,481833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAD.tmp Handle ID: 3352 Operation ID: {0,481828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAE.tmp Handle ID: 3352 Operation ID: {0,481823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAE.tmp Handle ID: 3360 Operation ID: {0,481812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAD.tmp Handle ID: 3352 Operation ID: {0,481809} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAD.tmp Handle ID: 3372 Operation ID: {0,481808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAD.tmp Handle ID: 3372 Operation ID: {0,481797} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAE.tmp Handle ID: 3372 Operation ID: {0,481796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAD.tmp Handle ID: 3372 Operation ID: {0,481792} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,481756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,481720} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,481679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,481636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAC.tmp Handle ID: 3360 Operation ID: {0,481609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAB.tmp Handle ID: 3360 Operation ID: {0,481604} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAC.tmp Handle ID: 3360 Operation ID: {0,481599} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAC.tmp Handle ID: 3240 Operation ID: {0,481588} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAB.tmp Handle ID: 3360 Operation ID: {0,481585} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAB.tmp Handle ID: 3348 Operation ID: {0,481584} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAB.tmp Handle ID: 3348 Operation ID: {0,481573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAC.tmp Handle ID: 3348 Operation ID: {0,481567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabAB.tmp Handle ID: 3348 Operation ID: {0,481563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,481509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,481438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAA.tmp Handle ID: 3372 Operation ID: {0,481295} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA9.tmp Handle ID: 3372 Operation ID: {0,481285} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAA.tmp Handle ID: 3372 Operation ID: {0,481273} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAA.tmp Handle ID: 3348 Operation ID: {0,481124} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA9.tmp Handle ID: 3372 Operation ID: {0,481123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA9.tmp Handle ID: 3400 Operation ID: {0,481120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA9.tmp Handle ID: 3400 Operation ID: {0,481098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarAA.tmp Handle ID: 3400 Operation ID: {0,481094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA9.tmp Handle ID: 3400 Operation ID: {0,481078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,481019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,480939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,480826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,480781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA8.tmp Handle ID: 3400 Operation ID: {0,480756} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA7.tmp Handle ID: 3400 Operation ID: {0,480753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA8.tmp Handle ID: 3400 Operation ID: {0,480748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA8.tmp Handle ID: 3240 Operation ID: {0,480735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA7.tmp Handle ID: 3400 Operation ID: {0,480732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA7.tmp Handle ID: 3388 Operation ID: {0,480731} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA7.tmp Handle ID: 3388 Operation ID: {0,480724} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA8.tmp Handle ID: 3388 Operation ID: {0,480721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA7.tmp Handle ID: 3388 Operation ID: {0,480717} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,480665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,480598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA6.tmp Handle ID: 3372 Operation ID: {0,480543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA5.tmp Handle ID: 3372 Operation ID: {0,480538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA6.tmp Handle ID: 3372 Operation ID: {0,480536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA6.tmp Handle ID: 3388 Operation ID: {0,480519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA5.tmp Handle ID: 3372 Operation ID: {0,480518} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA5.tmp Handle ID: 3352 Operation ID: {0,480517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA5.tmp Handle ID: 3352 Operation ID: {0,480508} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA6.tmp Handle ID: 3352 Operation ID: {0,480505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA5.tmp Handle ID: 3352 Operation ID: {0,480501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,480464} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,480428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,480387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA4.tmp Handle ID: 3388 Operation ID: {0,480355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA3.tmp Handle ID: 3388 Operation ID: {0,480350} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA4.tmp Handle ID: 3388 Operation ID: {0,480345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA4.tmp Handle ID: 3240 Operation ID: {0,480334} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA3.tmp Handle ID: 3388 Operation ID: {0,480331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA3.tmp Handle ID: 3360 Operation ID: {0,480330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA3.tmp Handle ID: 3360 Operation ID: {0,480323} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA4.tmp Handle ID: 3360 Operation ID: {0,480320} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA3.tmp Handle ID: 3360 Operation ID: {0,480316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,480261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,480196} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA2.tmp Handle ID: 3348 Operation ID: {0,480141} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA1.tmp Handle ID: 3348 Operation ID: {0,480138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA2.tmp Handle ID: 3348 Operation ID: {0,480131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA2.tmp Handle ID: 3240 Operation ID: {0,480113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA1.tmp Handle ID: 3348 Operation ID: {0,480110} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA1.tmp Handle ID: 3400 Operation ID: {0,480109} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA1.tmp Handle ID: 3400 Operation ID: {0,480099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA2.tmp Handle ID: 3400 Operation ID: {0,480094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabA1.tmp Handle ID: 3400 Operation ID: {0,480092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,480053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,480017} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,479978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA0.tmp Handle ID: 3372 Operation ID: {0,476136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9F.tmp Handle ID: 3372 Operation ID: {0,476131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA0.tmp Handle ID: 3372 Operation ID: {0,476126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA0.tmp Handle ID: 3400 Operation ID: {0,476113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9F.tmp Handle ID: 3372 Operation ID: {0,476112} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9F.tmp Handle ID: 3240 Operation ID: {0,476111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9F.tmp Handle ID: 3240 Operation ID: {0,476102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA0.tmp Handle ID: 3240 Operation ID: {0,476101} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9F.tmp Handle ID: 3240 Operation ID: {0,476097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,476046} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9E.tmp Handle ID: 3388 Operation ID: {0,475929} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9D.tmp Handle ID: 3388 Operation ID: {0,475926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9E.tmp Handle ID: 3388 Operation ID: {0,475921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9E.tmp Handle ID: 3240 Operation ID: {0,475906} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9D.tmp Handle ID: 3388 Operation ID: {0,475905} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9D.tmp Handle ID: 3392 Operation ID: {0,475904} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9D.tmp Handle ID: 3392 Operation ID: {0,475897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9E.tmp Handle ID: 3392 Operation ID: {0,475892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9D.tmp Handle ID: 3392 Operation ID: {0,475888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,475855} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,475817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475776} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,475732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9C.tmp Handle ID: 3392 Operation ID: {0,475707} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9B.tmp Handle ID: 3392 Operation ID: {0,475702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9C.tmp Handle ID: 3392 Operation ID: {0,475697} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9C.tmp Handle ID: 3400 Operation ID: {0,475686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9B.tmp Handle ID: 3392 Operation ID: {0,475683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9B.tmp Handle ID: 3388 Operation ID: {0,475682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9B.tmp Handle ID: 3388 Operation ID: {0,475675} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9C.tmp Handle ID: 3388 Operation ID: {0,475672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9B.tmp Handle ID: 3388 Operation ID: {0,475668} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9A.tmp Handle ID: 3240 Operation ID: {0,475520} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab99.tmp Handle ID: 3240 Operation ID: {0,475515} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9A.tmp Handle ID: 3240 Operation ID: {0,475510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9A.tmp Handle ID: 3388 Operation ID: {0,475497} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab99.tmp Handle ID: 3240 Operation ID: {0,475494} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab99.tmp Handle ID: 3352 Operation ID: {0,475493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab99.tmp Handle ID: 3352 Operation ID: {0,475484} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar9A.tmp Handle ID: 3352 Operation ID: {0,475481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab99.tmp Handle ID: 3352 Operation ID: {0,475477} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,475442} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,475404} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475361} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,475316} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar98.tmp Handle ID: 3388 Operation ID: {0,475291} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab97.tmp Handle ID: 3388 Operation ID: {0,475286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar98.tmp Handle ID: 3388 Operation ID: {0,475281} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar98.tmp Handle ID: 3400 Operation ID: {0,475270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab97.tmp Handle ID: 3388 Operation ID: {0,475267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab97.tmp Handle ID: 3372 Operation ID: {0,475266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab97.tmp Handle ID: 3372 Operation ID: {0,475257} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar98.tmp Handle ID: 3372 Operation ID: {0,475256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab97.tmp Handle ID: 3372 Operation ID: {0,475252} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,475138} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar96.tmp Handle ID: 3352 Operation ID: {0,475096} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab95.tmp Handle ID: 3352 Operation ID: {0,475091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar96.tmp Handle ID: 3352 Operation ID: {0,475086} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar96.tmp Handle ID: 3372 Operation ID: {0,475075} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab95.tmp Handle ID: 3352 Operation ID: {0,475072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab95.tmp Handle ID: 3356 Operation ID: {0,475071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab95.tmp Handle ID: 3356 Operation ID: {0,475062} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar96.tmp Handle ID: 3356 Operation ID: {0,475061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab95.tmp Handle ID: 3356 Operation ID: {0,475057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,475022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,474984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,474943} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,474898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar94.tmp Handle ID: 3372 Operation ID: {0,474853} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab93.tmp Handle ID: 3372 Operation ID: {0,474850} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar94.tmp Handle ID: 3372 Operation ID: {0,474845} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar94.tmp Handle ID: 3400 Operation ID: {0,474828} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab93.tmp Handle ID: 3372 Operation ID: {0,474827} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab93.tmp Handle ID: 3392 Operation ID: {0,474826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab93.tmp Handle ID: 3392 Operation ID: {0,474817} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar94.tmp Handle ID: 3392 Operation ID: {0,474816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab93.tmp Handle ID: 3392 Operation ID: {0,474812} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,474759} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,474698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar92.tmp Handle ID: 3356 Operation ID: {0,474646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab91.tmp Handle ID: 3356 Operation ID: {0,474643} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar92.tmp Handle ID: 3356 Operation ID: {0,474638} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar92.tmp Handle ID: 3392 Operation ID: {0,474621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab91.tmp Handle ID: 3356 Operation ID: {0,474620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab91.tmp Handle ID: 3240 Operation ID: {0,474619} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab91.tmp Handle ID: 3240 Operation ID: {0,474610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar92.tmp Handle ID: 3240 Operation ID: {0,474607} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab91.tmp Handle ID: 3240 Operation ID: {0,474603} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,474567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3392 Operation ID: {0,474529} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,474455} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar90.tmp Handle ID: 3240 Operation ID: {0,474389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8F.tmp Handle ID: 3240 Operation ID: {0,474384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar90.tmp Handle ID: 3240 Operation ID: {0,474381} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar90.tmp Handle ID: 3400 Operation ID: {0,474370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8F.tmp Handle ID: 3240 Operation ID: {0,474367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8F.tmp Handle ID: 3388 Operation ID: {0,474366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8F.tmp Handle ID: 3388 Operation ID: {0,474357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar90.tmp Handle ID: 3388 Operation ID: {0,474356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8F.tmp Handle ID: 3388 Operation ID: {0,474352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,474301} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3360 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3360 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3360 Operation ID: {0,474236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8E.tmp Handle ID: 3344 Operation ID: {0,474204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8D.tmp Handle ID: 3344 Operation ID: {0,474199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8E.tmp Handle ID: 3344 Operation ID: {0,474194} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8E.tmp Handle ID: 3372 Operation ID: {0,474181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8D.tmp Handle ID: 3344 Operation ID: {0,474180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8D.tmp Handle ID: 3388 Operation ID: {0,474179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8D.tmp Handle ID: 3388 Operation ID: {0,474168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8E.tmp Handle ID: 3388 Operation ID: {0,474167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8D.tmp Handle ID: 3388 Operation ID: {0,474163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,474130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,474094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,474055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8C.tmp Handle ID: 3428 Operation ID: {0,472753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8B.tmp Handle ID: 3428 Operation ID: {0,472748} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8C.tmp Handle ID: 3428 Operation ID: {0,472743} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8C.tmp Handle ID: 3352 Operation ID: {0,472732} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8B.tmp Handle ID: 3428 Operation ID: {0,472729} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8B.tmp Handle ID: 3420 Operation ID: {0,472728} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8B.tmp Handle ID: 3420 Operation ID: {0,472719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8C.tmp Handle ID: 3420 Operation ID: {0,472718} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab8B.tmp Handle ID: 3420 Operation ID: {0,472714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,472660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,472598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8A.tmp Handle ID: 3392 Operation ID: {0,472558} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab89.tmp Handle ID: 3392 Operation ID: {0,472553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8A.tmp Handle ID: 3392 Operation ID: {0,472550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8A.tmp Handle ID: 3420 Operation ID: {0,472539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab89.tmp Handle ID: 3392 Operation ID: {0,472536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab89.tmp Handle ID: 3356 Operation ID: {0,472535} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab89.tmp Handle ID: 3356 Operation ID: {0,472525} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8A.tmp Handle ID: 3356 Operation ID: {0,472523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab89.tmp Handle ID: 3356 Operation ID: {0,472519} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,472486} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,472448} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,472405} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,472357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar88.tmp Handle ID: 3420 Operation ID: {0,472332} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab87.tmp Handle ID: 3420 Operation ID: {0,472327} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar88.tmp Handle ID: 3420 Operation ID: {0,472324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar88.tmp Handle ID: 3352 Operation ID: {0,472311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab87.tmp Handle ID: 3420 Operation ID: {0,472310} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab87.tmp Handle ID: 3320 Operation ID: {0,472309} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab87.tmp Handle ID: 3320 Operation ID: {0,472300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar88.tmp Handle ID: 3320 Operation ID: {0,472299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab87.tmp Handle ID: 3320 Operation ID: {0,472293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,472242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,472148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar86.tmp Handle ID: 3356 Operation ID: {0,472103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab85.tmp Handle ID: 3356 Operation ID: {0,472102} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar86.tmp Handle ID: 3356 Operation ID: {0,472100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar86.tmp Handle ID: 3320 Operation ID: {0,472002} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab85.tmp Handle ID: 3356 Operation ID: {0,472001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab85.tmp Handle ID: 3388 Operation ID: {0,472000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab85.tmp Handle ID: 3388 Operation ID: {0,471997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar86.tmp Handle ID: 3388 Operation ID: {0,471995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab85.tmp Handle ID: 3388 Operation ID: {0,471984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,471925} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,471866} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,471795} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,471654} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar84.tmp Handle ID: 3388 Operation ID: {0,471591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab83.tmp Handle ID: 3388 Operation ID: {0,471590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar84.tmp Handle ID: 3388 Operation ID: {0,471589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar84.tmp Handle ID: 3352 Operation ID: {0,471560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab83.tmp Handle ID: 3388 Operation ID: {0,471557} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab83.tmp Handle ID: 3428 Operation ID: {0,471556} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab83.tmp Handle ID: 3428 Operation ID: {0,471547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar84.tmp Handle ID: 3428 Operation ID: {0,471546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab83.tmp Handle ID: 3428 Operation ID: {0,471542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,471489} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,471428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar82.tmp Handle ID: 3356 Operation ID: {0,471396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab81.tmp Handle ID: 3356 Operation ID: {0,471391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar82.tmp Handle ID: 3356 Operation ID: {0,471386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar82.tmp Handle ID: 3428 Operation ID: {0,471373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab81.tmp Handle ID: 3356 Operation ID: {0,471372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab81.tmp Handle ID: 3392 Operation ID: {0,471371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3392 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab81.tmp Handle ID: 3392 Operation ID: {0,471360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar82.tmp Handle ID: 3392 Operation ID: {0,471359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3392 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab81.tmp Handle ID: 3392 Operation ID: {0,471355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,471322} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,471284} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,471241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,471198} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar80.tmp Handle ID: 3428 Operation ID: {0,471171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7F.tmp Handle ID: 3428 Operation ID: {0,471166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar80.tmp Handle ID: 3428 Operation ID: {0,471163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar80.tmp Handle ID: 3352 Operation ID: {0,471152} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7F.tmp Handle ID: 3428 Operation ID: {0,471149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7F.tmp Handle ID: 3420 Operation ID: {0,471148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7F.tmp Handle ID: 3420 Operation ID: {0,471137} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar80.tmp Handle ID: 3420 Operation ID: {0,471136} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7F.tmp Handle ID: 3420 Operation ID: {0,471132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,471081} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3424 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3424 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3424 Operation ID: {0,470841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7E.tmp Handle ID: 3352 Operation ID: {0,470583} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7D.tmp Handle ID: 3352 Operation ID: {0,470580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7E.tmp Handle ID: 3352 Operation ID: {0,470575} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7E.tmp Handle ID: 3420 Operation ID: {0,470564} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7D.tmp Handle ID: 3352 Operation ID: {0,470563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7D.tmp Handle ID: 3320 Operation ID: {0,470562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7D.tmp Handle ID: 3320 Operation ID: {0,470555} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7E.tmp Handle ID: 3320 Operation ID: {0,470554} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7D.tmp Handle ID: 3320 Operation ID: {0,470550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,470517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,470479} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3416 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3416 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3416 Operation ID: {0,470436} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7C.tmp Handle ID: 3388 Operation ID: {0,470382} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7B.tmp Handle ID: 3388 Operation ID: {0,470377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7C.tmp Handle ID: 3388 Operation ID: {0,470372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7C.tmp Handle ID: 3240 Operation ID: {0,470357} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7B.tmp Handle ID: 3388 Operation ID: {0,470356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7B.tmp Handle ID: 3372 Operation ID: {0,470355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7B.tmp Handle ID: 3372 Operation ID: {0,470348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7C.tmp Handle ID: 3372 Operation ID: {0,470343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7B.tmp Handle ID: 3372 Operation ID: {0,470339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,470286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,470225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7A.tmp Handle ID: 3320 Operation ID: {0,470173} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab79.tmp Handle ID: 3320 Operation ID: {0,470168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7A.tmp Handle ID: 3320 Operation ID: {0,470165} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7A.tmp Handle ID: 3372 Operation ID: {0,470148} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab79.tmp Handle ID: 3320 Operation ID: {0,470147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab79.tmp Handle ID: 3428 Operation ID: {0,470146} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab79.tmp Handle ID: 3428 Operation ID: {0,470139} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar7A.tmp Handle ID: 3428 Operation ID: {0,470134} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab79.tmp Handle ID: 3428 Operation ID: {0,470130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,470097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,470061} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,470022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar78.tmp Handle ID: 3396 Operation ID: {0,469959} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab77.tmp Handle ID: 3396 Operation ID: {0,469954} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar78.tmp Handle ID: 3396 Operation ID: {0,469949} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar78.tmp Handle ID: 3372 Operation ID: {0,469938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab77.tmp Handle ID: 3396 Operation ID: {0,469937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab77.tmp Handle ID: 3428 Operation ID: {0,469936} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab77.tmp Handle ID: 3428 Operation ID: {0,469927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar78.tmp Handle ID: 3428 Operation ID: {0,469926} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab77.tmp Handle ID: 3428 Operation ID: {0,469920} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,469869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,469806} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar76.tmp Handle ID: 3240 Operation ID: {0,469772} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab75.tmp Handle ID: 3240 Operation ID: {0,469767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar76.tmp Handle ID: 3240 Operation ID: {0,469764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar76.tmp Handle ID: 3428 Operation ID: {0,469753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab75.tmp Handle ID: 3240 Operation ID: {0,469750} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab75.tmp Handle ID: 3344 Operation ID: {0,469749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab75.tmp Handle ID: 3344 Operation ID: {0,469740} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar76.tmp Handle ID: 3344 Operation ID: {0,469739} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab75.tmp Handle ID: 3344 Operation ID: {0,469735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,469702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3428 Operation ID: {0,469665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,469624} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,469579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar74.tmp Handle ID: 3428 Operation ID: {0,469546} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab73.tmp Handle ID: 3428 Operation ID: {0,469543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar74.tmp Handle ID: 3428 Operation ID: {0,469538} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3428 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3428 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar74.tmp Handle ID: 3372 Operation ID: {0,469527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab73.tmp Handle ID: 3428 Operation ID: {0,469524} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab73.tmp Handle ID: 3352 Operation ID: {0,469523} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab73.tmp Handle ID: 3352 Operation ID: {0,469514} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar74.tmp Handle ID: 3352 Operation ID: {0,469509} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab73.tmp Handle ID: 3352 Operation ID: {0,469505} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,469452} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3420 Operation ID: {0,469391} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72.tmp Handle ID: 3344 Operation ID: {0,469278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71.tmp Handle ID: 3344 Operation ID: {0,469275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72.tmp Handle ID: 3344 Operation ID: {0,469270} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72.tmp Handle ID: 3352 Operation ID: {0,469255} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71.tmp Handle ID: 3344 Operation ID: {0,469254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71.tmp Handle ID: 3356 Operation ID: {0,469253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71.tmp Handle ID: 3356 Operation ID: {0,469246} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar72.tmp Handle ID: 3356 Operation ID: {0,469243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab71.tmp Handle ID: 3356 Operation ID: {0,469239} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,469206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,469168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,469125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,469082} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70.tmp Handle ID: 3352 Operation ID: {0,469055} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F.tmp Handle ID: 3352 Operation ID: {0,469050} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70.tmp Handle ID: 3352 Operation ID: {0,469045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70.tmp Handle ID: 3372 Operation ID: {0,469030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F.tmp Handle ID: 3352 Operation ID: {0,469029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F.tmp Handle ID: 3396 Operation ID: {0,469028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F.tmp Handle ID: 3396 Operation ID: {0,469019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar70.tmp Handle ID: 3396 Operation ID: {0,469018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6F.tmp Handle ID: 3396 Operation ID: {0,469014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468963} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E.tmp Handle ID: 3356 Operation ID: {0,468863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D.tmp Handle ID: 3356 Operation ID: {0,468860} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E.tmp Handle ID: 3356 Operation ID: {0,468857} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E.tmp Handle ID: 3396 Operation ID: {0,468842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D.tmp Handle ID: 3356 Operation ID: {0,468841} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D.tmp Handle ID: 3240 Operation ID: {0,468838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D.tmp Handle ID: 3240 Operation ID: {0,468833} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6E.tmp Handle ID: 3240 Operation ID: {0,468830} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6D.tmp Handle ID: 3240 Operation ID: {0,468826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3396 Operation ID: {0,468793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3396 Operation ID: {0,468755} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,468669} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C.tmp Handle ID: 3240 Operation ID: {0,468644} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B.tmp Handle ID: 3240 Operation ID: {0,468641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C.tmp Handle ID: 3240 Operation ID: {0,468636} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C.tmp Handle ID: 3372 Operation ID: {0,468623} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B.tmp Handle ID: 3240 Operation ID: {0,468622} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B.tmp Handle ID: 3356 Operation ID: {0,468621} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B.tmp Handle ID: 3356 Operation ID: {0,468612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6C.tmp Handle ID: 3356 Operation ID: {0,468609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab6B.tmp Handle ID: 3356 Operation ID: {0,468605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468491} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A.tmp Handle ID: 3396 Operation ID: {0,468453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69.tmp Handle ID: 3396 Operation ID: {0,468450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A.tmp Handle ID: 3396 Operation ID: {0,468445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3396 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3396 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A.tmp Handle ID: 3356 Operation ID: {0,468432} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69.tmp Handle ID: 3396 Operation ID: {0,468429} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69.tmp Handle ID: 3344 Operation ID: {0,468428} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69.tmp Handle ID: 3344 Operation ID: {0,468419} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6A.tmp Handle ID: 3344 Operation ID: {0,468418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab69.tmp Handle ID: 3344 Operation ID: {0,468414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,468379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,468343} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468300} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68.tmp Handle ID: 3388 Operation ID: {0,468266} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67.tmp Handle ID: 3388 Operation ID: {0,468261} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68.tmp Handle ID: 3388 Operation ID: {0,468256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68.tmp Handle ID: 3352 Operation ID: {0,468243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67.tmp Handle ID: 3388 Operation ID: {0,468242} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67.tmp Handle ID: 3356 Operation ID: {0,468241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67.tmp Handle ID: 3356 Operation ID: {0,468232} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar68.tmp Handle ID: 3356 Operation ID: {0,468231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab67.tmp Handle ID: 3356 Operation ID: {0,468227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3400 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3400 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3400 Operation ID: {0,468093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66.tmp Handle ID: 3352 Operation ID: {0,468053} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65.tmp Handle ID: 3352 Operation ID: {0,468048} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66.tmp Handle ID: 3352 Operation ID: {0,468043} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66.tmp Handle ID: 3356 Operation ID: {0,468032} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65.tmp Handle ID: 3352 Operation ID: {0,468029} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65.tmp Handle ID: 3344 Operation ID: {0,468028} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65.tmp Handle ID: 3344 Operation ID: {0,468019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar66.tmp Handle ID: 3344 Operation ID: {0,468018} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab65.tmp Handle ID: 3344 Operation ID: {0,468014} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,467978} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,467940} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3356 Operation ID: {0,467901} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64.tmp Handle ID: 3376 Operation ID: {0,465208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63.tmp Handle ID: 3376 Operation ID: {0,465204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64.tmp Handle ID: 3376 Operation ID: {0,465200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64.tmp Handle ID: 3364 Operation ID: {0,465187} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63.tmp Handle ID: 3376 Operation ID: {0,465186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63.tmp Handle ID: 3348 Operation ID: {0,465185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63.tmp Handle ID: 3348 Operation ID: {0,465176} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar64.tmp Handle ID: 3348 Operation ID: {0,465175} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab63.tmp Handle ID: 3348 Operation ID: {0,465171} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,465118} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,465057} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62.tmp Handle ID: 3256 Operation ID: {0,465019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61.tmp Handle ID: 3256 Operation ID: {0,465016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62.tmp Handle ID: 3256 Operation ID: {0,465013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62.tmp Handle ID: 3348 Operation ID: {0,464998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61.tmp Handle ID: 3256 Operation ID: {0,464997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61.tmp Handle ID: 3352 Operation ID: {0,464996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61.tmp Handle ID: 3352 Operation ID: {0,464987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar62.tmp Handle ID: 3352 Operation ID: {0,464986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab61.tmp Handle ID: 3352 Operation ID: {0,464982} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,464947} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3348 Operation ID: {0,464911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464868} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,464823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60.tmp Handle ID: 3352 Operation ID: {0,464796} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F.tmp Handle ID: 3352 Operation ID: {0,464793} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60.tmp Handle ID: 3352 Operation ID: {0,464790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60.tmp Handle ID: 3364 Operation ID: {0,464777} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F.tmp Handle ID: 3352 Operation ID: {0,464774} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F.tmp Handle ID: 3256 Operation ID: {0,464773} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F.tmp Handle ID: 3256 Operation ID: {0,464766} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar60.tmp Handle ID: 3256 Operation ID: {0,464765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5F.tmp Handle ID: 3256 Operation ID: {0,464761} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464710} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464647} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E.tmp Handle ID: 3348 Operation ID: {0,464614} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D.tmp Handle ID: 3348 Operation ID: {0,464611} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E.tmp Handle ID: 3348 Operation ID: {0,464608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E.tmp Handle ID: 3256 Operation ID: {0,464591} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D.tmp Handle ID: 3348 Operation ID: {0,464590} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D.tmp Handle ID: 3356 Operation ID: {0,464589} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D.tmp Handle ID: 3356 Operation ID: {0,464578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5E.tmp Handle ID: 3356 Operation ID: {0,464577} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5D.tmp Handle ID: 3356 Operation ID: {0,464573} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3256 Operation ID: {0,464540} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3256 Operation ID: {0,464502} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,464416} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C.tmp Handle ID: 3256 Operation ID: {0,464389} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B.tmp Handle ID: 3256 Operation ID: {0,464384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C.tmp Handle ID: 3256 Operation ID: {0,464379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C.tmp Handle ID: 3364 Operation ID: {0,464370} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B.tmp Handle ID: 3256 Operation ID: {0,464367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B.tmp Handle ID: 3376 Operation ID: {0,464366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B.tmp Handle ID: 3376 Operation ID: {0,464359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5C.tmp Handle ID: 3376 Operation ID: {0,464354} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5B.tmp Handle ID: 3376 Operation ID: {0,464352} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464299} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A.tmp Handle ID: 3356 Operation ID: {0,464202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59.tmp Handle ID: 3356 Operation ID: {0,464197} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A.tmp Handle ID: 3356 Operation ID: {0,464192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A.tmp Handle ID: 3376 Operation ID: {0,464181} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59.tmp Handle ID: 3356 Operation ID: {0,464180} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59.tmp Handle ID: 3064 Operation ID: {0,464179} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59.tmp Handle ID: 3064 Operation ID: {0,464168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar5A.tmp Handle ID: 3064 Operation ID: {0,464167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab59.tmp Handle ID: 3064 Operation ID: {0,464163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,464130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3376 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3376 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3376 Operation ID: {0,464092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,464045} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3364 Operation ID: {0,464001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58.tmp Handle ID: 3064 Operation ID: {0,463976} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57.tmp Handle ID: 3064 Operation ID: {0,463971} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58.tmp Handle ID: 3064 Operation ID: {0,463966} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58.tmp Handle ID: 3364 Operation ID: {0,463952} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57.tmp Handle ID: 3064 Operation ID: {0,463951} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57.tmp Handle ID: 3352 Operation ID: {0,463950} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57.tmp Handle ID: 3352 Operation ID: {0,463939} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar58.tmp Handle ID: 3352 Operation ID: {0,463938} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab57.tmp Handle ID: 3352 Operation ID: {0,463934} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,463883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,463820} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56.tmp Handle ID: 3356 Operation ID: {0,463784} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55.tmp Handle ID: 3356 Operation ID: {0,463781} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56.tmp Handle ID: 3356 Operation ID: {0,463778} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3356 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56.tmp Handle ID: 3352 Operation ID: {0,463767} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55.tmp Handle ID: 3356 Operation ID: {0,463764} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55.tmp Handle ID: 3348 Operation ID: {0,463763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3348 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55.tmp Handle ID: 3348 Operation ID: {0,463754} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar56.tmp Handle ID: 3348 Operation ID: {0,463753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3348 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab55.tmp Handle ID: 3348 Operation ID: {0,463749} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,463714} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3352 Operation ID: {0,463676} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,463635} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54.tmp Handle ID: 3352 Operation ID: {0,463601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53.tmp Handle ID: 3352 Operation ID: {0,463596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54.tmp Handle ID: 3352 Operation ID: {0,463593} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3352 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3364 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3364 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3352 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54.tmp Handle ID: 3364 Operation ID: {0,463580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53.tmp Handle ID: 3352 Operation ID: {0,463579} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53.tmp Handle ID: 3256 Operation ID: {0,463578} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3256 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53.tmp Handle ID: 3256 Operation ID: {0,463567} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar54.tmp Handle ID: 3256 Operation ID: {0,463566} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3256 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab53.tmp Handle ID: 3256 Operation ID: {0,463562} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3372 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3372 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3372 Operation ID: {0,463511} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,463450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3328 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3328 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3328 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3328 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52.tmp Handle ID: 3328 Operation ID: {0,463414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3328 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3328 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3328 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3328 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51.tmp Handle ID: 3328 Operation ID: {0,463409} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3328 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3328 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52.tmp Handle ID: 3328 Operation ID: {0,463406} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3328 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3328 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52.tmp Handle ID: 3344 Operation ID: {0,463395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51.tmp Handle ID: 3328 Operation ID: {0,463394} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51.tmp Handle ID: 3340 Operation ID: {0,463393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3340 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51.tmp Handle ID: 3340 Operation ID: {0,463390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar52.tmp Handle ID: 3340 Operation ID: {0,463387} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3340 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab51.tmp Handle ID: 3340 Operation ID: {0,463383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,463344} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,463306} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3344 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3344 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3344 Operation ID: {0,463241} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,463126} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 4500 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 4500 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4500 Operation ID: {0,461251} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 4396 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 4396 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4396 Operation ID: {0,385197} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 152 Process ID: 4412 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareUser.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 152 Object Type: Key Process ID: 4412 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareUser.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 152 Operation ID: {0,368872} Process ID: 4412 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareUser.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 4412 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareUser.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 4412 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareUser.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,368659} Process ID: 4412 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareUser.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 4460 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 4460 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,368220} Process ID: 4460 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 4460 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 4460 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,368207} Process ID: 4460 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 4444 Image File Name: C:\WINDOWS\system32\oobechk.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 4444 Image File Name: C:\WINDOWS\system32\oobechk.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,368127} Process ID: 4444 Image File Name: C:\WINDOWS\system32\oobechk.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 160 Process ID: 4428 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareTray.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 160 Object Type: Key Process ID: 4428 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareTray.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 160 Operation ID: {0,367510} Process ID: 4428 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareTray.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 4428 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareTray.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 4428 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareTray.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,367486} Process ID: 4428 Image File Name: C:\Program Files\VMware\VMware Tools\VMwareTray.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2616 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2616 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2616 Operation ID: {0,363459} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2616 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2616 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2616 Operation ID: {0,363302} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2636 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2636 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2636 Operation ID: {0,362950} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2656 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2656 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2656 Operation ID: {0,362872} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 544 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 544 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 544 Operation ID: {0,362853} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2656 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2656 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2656 Operation ID: {0,361627} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2656 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2656 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2656 Operation ID: {0,360937} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,360707} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,360636} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,360204} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,360110} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,360041} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2636 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2636 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2636 Operation ID: {0,359970} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2616 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2616 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2616 Operation ID: {0,359558} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2608 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2608 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2608 Operation ID: {0,359277} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2608 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2608 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2608 Operation ID: {0,358969} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2608 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2608 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2608 Operation ID: {0,358097} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,357270} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,357197} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,357124} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,357047} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,356961} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1212 Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1212 Object Type: Key Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1212 Operation ID: {0,356744} Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x22B91) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,356408} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1044 Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1044 Object Type: Key Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1044 Operation ID: {0,356356} Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x22B91) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,355441} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,355134} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,354536} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,354465} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,354400} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,354331} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,354266} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2604 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2604 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2604 Operation ID: {0,354198} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,354124} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,354036} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,353938} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,353647} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2608 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2608 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2608 Operation ID: {0,352514} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2608 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2608 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2608 Operation ID: {0,352448} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,352315} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,352241} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,352130} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2612 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2612 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2612 Operation ID: {0,352060} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2612 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2612 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2612 Operation ID: {0,351958} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,351839} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,351743} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,351425} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,351316} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:19 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:19 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,351178} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2620 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2620 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2620 Operation ID: {0,351105} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2616 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2616 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2616 Operation ID: {0,351015} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4344 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4344 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job Handle ID: 4344 Operation ID: {0,350869} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 340 Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 340 Object Type: Key Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 340 Operation ID: {0,350722} Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x22B91) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,350718} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,350555} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,350478} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,350234} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 4488 Image File Name: C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 4488 Image File Name: C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,350136} Process ID: 4488 Image File Name: C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,350038} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 4488 Image File Name: C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 4488 Image File Name: C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,349901} Process ID: 4488 Image File Name: C:\Program Files\Google\Update\1.3.35.452\GoogleCrashHandler.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2596 Operation ID: {0,349351} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,349189} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,349120} Process ID: 4400 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2596 Operation ID: {0,348965} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2596 Operation ID: {0,348761} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2584 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2584 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2584 Operation ID: {0,348659} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x51BFD) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 144 Process ID: 4284 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 144 Object Type: Key Process ID: 4284 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 144 Operation ID: {0,348497} Process ID: 4284 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 108 Process ID: 4252 Image File Name: C:\WINDOWS\system32\userinit.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 108 Object Type: Key Process ID: 4252 Image File Name: C:\WINDOWS\system32\userinit.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management Handle ID: 108 Operation ID: {0,348446} Process ID: 4252 Image File Name: C:\WINDOWS\system32\userinit.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 636 Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 636 Object Type: Key Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 636 Operation ID: {0,348234} Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 640 Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 640 Object Type: Key Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 640 Operation ID: {0,348085} Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 80 Process ID: 4252 Image File Name: C:\WINDOWS\system32\userinit.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 80 Object Type: Key Process ID: 4252 Image File Name: C:\WINDOWS\system32\userinit.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 80 Operation ID: {0,347704} Process ID: 4252 Image File Name: C:\WINDOWS\system32\userinit.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 96 Process ID: 4284 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 96 Object Type: Key Process ID: 4284 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 96 Operation ID: {0,347404} Process ID: 4284 Image File Name: C:\Program Files\Google\Update\GoogleUpdate.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4348 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4348 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job Handle ID: 4348 Operation ID: {0,346947} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,343887} Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,343881} Process ID: 2720 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x51BFD) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50.tmp Handle ID: 1712 Operation ID: {0,343653} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F.tmp Handle ID: 1712 Operation ID: {0,343650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50.tmp Handle ID: 1712 Operation ID: {0,343646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50.tmp Handle ID: 1716 Operation ID: {0,343598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F.tmp Handle ID: 1712 Operation ID: {0,343596} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F.tmp Handle ID: 3068 Operation ID: {0,343595} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F.tmp Handle ID: 3068 Operation ID: {0,343581} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar50.tmp Handle ID: 3068 Operation ID: {0,343576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4F.tmp Handle ID: 3068 Operation ID: {0,343570} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1792 Operation ID: {0,343202} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1420 Operation ID: {0,343185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1712 Operation ID: {0,340887} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E.tmp Handle ID: 3236 Operation ID: {0,340682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D.tmp Handle ID: 3236 Operation ID: {0,340677} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E.tmp Handle ID: 3236 Operation ID: {0,340672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E.tmp Handle ID: 3104 Operation ID: {0,340661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D.tmp Handle ID: 3236 Operation ID: {0,340658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D.tmp Handle ID: 2576 Operation ID: {0,340657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D.tmp Handle ID: 2576 Operation ID: {0,340648} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4E.tmp Handle ID: 2576 Operation ID: {0,340645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4D.tmp Handle ID: 2576 Operation ID: {0,340641} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3104 Operation ID: {0,340608} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3104 Operation ID: {0,340553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1712 Operation ID: {0,340493} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,338476} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C.tmp Handle ID: 2576 Operation ID: {0,338331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B.tmp Handle ID: 2576 Operation ID: {0,338313} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C.tmp Handle ID: 2576 Operation ID: {0,338286} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C.tmp Handle ID: 1716 Operation ID: {0,338192} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B.tmp Handle ID: 2576 Operation ID: {0,338191} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B.tmp Handle ID: 1672 Operation ID: {0,338190} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B.tmp Handle ID: 1672 Operation ID: {0,338186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4C.tmp Handle ID: 1672 Operation ID: {0,338185} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab4B.tmp Handle ID: 1672 Operation ID: {0,338182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1712 Operation ID: {0,337763} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1944 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1944 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1944 Operation ID: {0,336818} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3104 Operation ID: {0,336752} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1960 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1960 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1960 Operation ID: {0,336581} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A.tmp Handle ID: 1672 Operation ID: {0,336445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49.tmp Handle ID: 1672 Operation ID: {0,336438} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A.tmp Handle ID: 1672 Operation ID: {0,336433} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A.tmp Handle ID: 2576 Operation ID: {0,336418} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49.tmp Handle ID: 1672 Operation ID: {0,336415} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49.tmp Handle ID: 3236 Operation ID: {0,336414} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49.tmp Handle ID: 3236 Operation ID: {0,335970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4A.tmp Handle ID: 1456 Operation ID: {0,335965} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab49.tmp Handle ID: 1456 Operation ID: {0,335922} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2052 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2052 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2052 Operation ID: {0,335836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 100 Process ID: 2296 Image File Name: C:\WINDOWS\system32\mpnotify.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 100 Object Type: Key Process ID: 2296 Image File Name: C:\WINDOWS\system32\mpnotify.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 100 Operation ID: {0,335738} Process ID: 2296 Image File Name: C:\WINDOWS\system32\mpnotify.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,335632} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:18 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:18 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3236 Operation ID: {0,335319} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:17 AM Security Success Audit Logon/Logoff 538 NT AUTHORITY\ANONYMOUS LOGON AERODB "User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x19115) Logon Type: 3 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1420 Operation ID: {0,334908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x51BFD) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:16 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x51BFD) Logon Type: 2 Logon Process: User32 Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 448 Transited Services: - Source Network Address: 127.0.0.1 Source Port: 0 " 4/17/2020 11:47:16 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 448 Source Network Address: 127.0.0.1 Source Port: 0 " 4/17/2020 11:47:16 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48.tmp Handle ID: 1456 Operation ID: {0,334838} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47.tmp Handle ID: 1456 Operation ID: {0,334837} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48.tmp Handle ID: 1456 Operation ID: {0,334836} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48.tmp Handle ID: 1420 Operation ID: {0,334824} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47.tmp Handle ID: 1456 Operation ID: {0,334823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47.tmp Handle ID: 2572 Operation ID: {0,334822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47.tmp Handle ID: 2572 Operation ID: {0,334811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar48.tmp Handle ID: 2572 Operation ID: {0,334810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab47.tmp Handle ID: 2572 Operation ID: {0,334806} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,334753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,334692} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46.tmp Handle ID: 1792 Operation ID: {0,334656} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45.tmp Handle ID: 1792 Operation ID: {0,334651} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46.tmp Handle ID: 1792 Operation ID: {0,334646} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46.tmp Handle ID: 2572 Operation ID: {0,334633} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45.tmp Handle ID: 1792 Operation ID: {0,334630} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45.tmp Handle ID: 2580 Operation ID: {0,334629} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45.tmp Handle ID: 2580 Operation ID: {0,334618} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar46.tmp Handle ID: 2580 Operation ID: {0,334617} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab45.tmp Handle ID: 2580 Operation ID: {0,334613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2572 Operation ID: {0,334580} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2572 Operation ID: {0,334542} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,334499} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1420 Operation ID: {0,334453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44.tmp Handle ID: 2572 Operation ID: {0,334420} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43.tmp Handle ID: 2572 Operation ID: {0,334417} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44.tmp Handle ID: 2572 Operation ID: {0,334412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2572 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2572 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44.tmp Handle ID: 1420 Operation ID: {0,334397} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43.tmp Handle ID: 2572 Operation ID: {0,334396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43.tmp Handle ID: 2576 Operation ID: {0,334395} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43.tmp Handle ID: 2576 Operation ID: {0,334386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar44.tmp Handle ID: 2576 Operation ID: {0,334383} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab43.tmp Handle ID: 2576 Operation ID: {0,334379} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,334328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,334263} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42.tmp Handle ID: 2580 Operation ID: {0,334227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41.tmp Handle ID: 2580 Operation ID: {0,334222} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42.tmp Handle ID: 2580 Operation ID: {0,334217} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42.tmp Handle ID: 2576 Operation ID: {0,334203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41.tmp Handle ID: 2580 Operation ID: {0,334201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41.tmp Handle ID: 2844 Operation ID: {0,334200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41.tmp Handle ID: 2844 Operation ID: {0,334189} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar42.tmp Handle ID: 2844 Operation ID: {0,334186} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab41.tmp Handle ID: 2844 Operation ID: {0,334182} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,334149} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,334113} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,334072} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40.tmp Handle ID: 2576 Operation ID: {0,334038} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F.tmp Handle ID: 2576 Operation ID: {0,334033} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40.tmp Handle ID: 2576 Operation ID: {0,334030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40.tmp Handle ID: 1420 Operation ID: {0,334013} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F.tmp Handle ID: 2576 Operation ID: {0,334012} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F.tmp Handle ID: 1456 Operation ID: {0,334011} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F.tmp Handle ID: 1456 Operation ID: {0,334000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar40.tmp Handle ID: 1456 Operation ID: {0,333999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3F.tmp Handle ID: 1456 Operation ID: {0,333995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,333942} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,333881} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E.tmp Handle ID: 2844 Operation ID: {0,333847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D.tmp Handle ID: 2844 Operation ID: {0,333844} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E.tmp Handle ID: 2844 Operation ID: {0,333839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E.tmp Handle ID: 1456 Operation ID: {0,333826} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D.tmp Handle ID: 2844 Operation ID: {0,333825} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D.tmp Handle ID: 1792 Operation ID: {0,333822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D.tmp Handle ID: 1792 Operation ID: {0,333811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3E.tmp Handle ID: 1792 Operation ID: {0,333808} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3D.tmp Handle ID: 1792 Operation ID: {0,333804} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,333771} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,333735} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:16 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:16 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,333694} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C.tmp Handle ID: 2568 Operation ID: {0,333553} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B.tmp Handle ID: 2568 Operation ID: {0,333550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C.tmp Handle ID: 2568 Operation ID: {0,333545} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C.tmp Handle ID: 2576 Operation ID: {0,333530} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B.tmp Handle ID: 2568 Operation ID: {0,333527} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B.tmp Handle ID: 3200 Operation ID: {0,333526} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B.tmp Handle ID: 3200 Operation ID: {0,333517} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3C.tmp Handle ID: 3200 Operation ID: {0,333512} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3B.tmp Handle ID: 3200 Operation ID: {0,333510} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,333459} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,333396} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A.tmp Handle ID: 2580 Operation ID: {0,333356} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39.tmp Handle ID: 2580 Operation ID: {0,333353} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A.tmp Handle ID: 2580 Operation ID: {0,333348} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A.tmp Handle ID: 3200 Operation ID: {0,333333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39.tmp Handle ID: 2580 Operation ID: {0,333330} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39.tmp Handle ID: 2056 Operation ID: {0,333329} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39.tmp Handle ID: 2056 Operation ID: {0,333318} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3A.tmp Handle ID: 2056 Operation ID: {0,333317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab39.tmp Handle ID: 2056 Operation ID: {0,333311} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,333278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,333240} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,333199} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,333155} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38.tmp Handle ID: 3200 Operation ID: {0,333128} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37.tmp Handle ID: 3200 Operation ID: {0,333123} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38.tmp Handle ID: 3200 Operation ID: {0,333120} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38.tmp Handle ID: 2576 Operation ID: {0,333103} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37.tmp Handle ID: 3200 Operation ID: {0,333100} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37.tmp Handle ID: 1420 Operation ID: {0,333099} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37.tmp Handle ID: 1420 Operation ID: {0,333088} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar38.tmp Handle ID: 1420 Operation ID: {0,333087} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab37.tmp Handle ID: 1420 Operation ID: {0,333083} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,333030} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332969} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36.tmp Handle ID: 2056 Operation ID: {0,332937} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35.tmp Handle ID: 2056 Operation ID: {0,332932} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36.tmp Handle ID: 2056 Operation ID: {0,332927} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36.tmp Handle ID: 1420 Operation ID: {0,332912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35.tmp Handle ID: 2056 Operation ID: {0,332909} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35.tmp Handle ID: 1456 Operation ID: {0,332908} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35.tmp Handle ID: 1456 Operation ID: {0,332897} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar36.tmp Handle ID: 1456 Operation ID: {0,332896} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab35.tmp Handle ID: 1456 Operation ID: {0,332892} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1420 Operation ID: {0,332859} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1420 Operation ID: {0,332823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332780} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,332737} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34.tmp Handle ID: 1456 Operation ID: {0,332708} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33.tmp Handle ID: 1456 Operation ID: {0,332703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34.tmp Handle ID: 1456 Operation ID: {0,332698} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34.tmp Handle ID: 2576 Operation ID: {0,332683} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33.tmp Handle ID: 1456 Operation ID: {0,332680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33.tmp Handle ID: 2568 Operation ID: {0,332679} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33.tmp Handle ID: 2568 Operation ID: {0,332672} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34.tmp Handle ID: 2568 Operation ID: {0,332667} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33.tmp Handle ID: 2568 Operation ID: {0,332663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32.tmp Handle ID: 2056 Operation ID: {0,332488} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31.tmp Handle ID: 2056 Operation ID: {0,332483} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32.tmp Handle ID: 2056 Operation ID: {0,332478} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32.tmp Handle ID: 2568 Operation ID: {0,332465} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31.tmp Handle ID: 2056 Operation ID: {0,332462} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31.tmp Handle ID: 2580 Operation ID: {0,332461} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31.tmp Handle ID: 2580 Operation ID: {0,332450} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar32.tmp Handle ID: 2580 Operation ID: {0,332449} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab31.tmp Handle ID: 2580 Operation ID: {0,332445} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2568 Operation ID: {0,332412} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2568 Operation ID: {0,332374} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332333} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2576 Operation ID: {0,332288} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30.tmp Handle ID: 2568 Operation ID: {0,332248} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F.tmp Handle ID: 2568 Operation ID: {0,332245} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30.tmp Handle ID: 2568 Operation ID: {0,332240} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2568 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2568 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30.tmp Handle ID: 2576 Operation ID: {0,332225} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F.tmp Handle ID: 2568 Operation ID: {0,332224} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F.tmp Handle ID: 3200 Operation ID: {0,332223} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F.tmp Handle ID: 3200 Operation ID: {0,332212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar30.tmp Handle ID: 3200 Operation ID: {0,332211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2F.tmp Handle ID: 3200 Operation ID: {0,332207} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332143} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,332071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E.tmp Handle ID: 2580 Operation ID: {0,332024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D.tmp Handle ID: 2580 Operation ID: {0,332019} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E.tmp Handle ID: 2580 Operation ID: {0,332016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2580 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2580 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E.tmp Handle ID: 3200 Operation ID: {0,332002} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D.tmp Handle ID: 2580 Operation ID: {0,332000} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D.tmp Handle ID: 1420 Operation ID: {0,331999} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D.tmp Handle ID: 1420 Operation ID: {0,331988} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2E.tmp Handle ID: 1420 Operation ID: {0,331987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2D.tmp Handle ID: 1420 Operation ID: {0,331983} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,331948} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,331912} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,331869} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C.tmp Handle ID: 3200 Operation ID: {0,331824} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B.tmp Handle ID: 3200 Operation ID: {0,331821} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C.tmp Handle ID: 3200 Operation ID: {0,331816} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2576 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2576 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C.tmp Handle ID: 2576 Operation ID: {0,331803} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B.tmp Handle ID: 3200 Operation ID: {0,331802} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B.tmp Handle ID: 1456 Operation ID: {0,331801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B.tmp Handle ID: 1456 Operation ID: {0,331790} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2C.tmp Handle ID: 1456 Operation ID: {0,331787} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab2B.tmp Handle ID: 1456 Operation ID: {0,331783} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,331721} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,331645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A.tmp Handle ID: 1420 Operation ID: {0,331467} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29.tmp Handle ID: 1420 Operation ID: {0,331453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A.tmp Handle ID: 1420 Operation ID: {0,331441} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A.tmp Handle ID: 1456 Operation ID: {0,331373} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29.tmp Handle ID: 1420 Operation ID: {0,331365} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29.tmp Handle ID: 2056 Operation ID: {0,331364} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2056 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29.tmp Handle ID: 2056 Operation ID: {0,331342} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2A.tmp Handle ID: 2056 Operation ID: {0,331336} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2056 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab29.tmp Handle ID: 2056 Operation ID: {0,331324} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,331108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,330899} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1420 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1420 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1420 Operation ID: {0,330835} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28.tmp Handle ID: 3200 Operation ID: {0,330666} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27.tmp Handle ID: 3200 Operation ID: {0,330665} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28.tmp Handle ID: 3200 Operation ID: {0,330664} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26.tmp Handle ID: 2844 Operation ID: {0,330663} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25.tmp Handle ID: 2844 Operation ID: {0,330662} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26.tmp Handle ID: 2844 Operation ID: {0,330661} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3244 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3244 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28.tmp Handle ID: 1792 Operation ID: {0,330660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27.tmp Handle ID: 3200 Operation ID: {0,330659} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27.tmp Handle ID: 2840 Operation ID: {0,330658} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27.tmp Handle ID: 2840 Operation ID: {0,330655} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar28.tmp Handle ID: 2840 Operation ID: {0,330652} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab27.tmp Handle ID: 2840 Operation ID: {0,330650} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3244 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26.tmp Handle ID: 3244 Operation ID: {0,330610} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25.tmp Handle ID: 2844 Operation ID: {0,330609} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25.tmp Handle ID: 1716 Operation ID: {0,330606} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3244 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3244 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25.tmp Handle ID: 3244 Operation ID: {0,330592} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar26.tmp Handle ID: 3100 Operation ID: {0,330586} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab25.tmp Handle ID: 2848 Operation ID: {0,330574} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2848 Operation ID: {0,330552} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3252 Operation ID: {0,330501} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3232 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3232 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3232 Operation ID: {0,330393} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3064 Operation ID: {0,330355} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24.tmp Handle ID: 3040 Operation ID: {0,330264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23.tmp Handle ID: 3040 Operation ID: {0,330259} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24.tmp Handle ID: 3040 Operation ID: {0,330256} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24.tmp Handle ID: 3120 Operation ID: {0,330213} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23.tmp Handle ID: 3040 Operation ID: {0,330212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23.tmp Handle ID: 3236 Operation ID: {0,330211} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23.tmp Handle ID: 3236 Operation ID: {0,330208} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar24.tmp Handle ID: 3236 Operation ID: {0,330205} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab23.tmp Handle ID: 3236 Operation ID: {0,330201} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22.tmp Handle ID: 3200 Operation ID: {0,330177} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3200 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21.tmp Handle ID: 3120 Operation ID: {0,330167} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3200 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3200 Operation ID: {0,330166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22.tmp Handle ID: 3120 Operation ID: {0,330163} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2840 Operation ID: {0,330129} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22.tmp Handle ID: 3108 Operation ID: {0,330111} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21.tmp Handle ID: 3236 Operation ID: {0,330108} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21.tmp Handle ID: 3120 Operation ID: {0,330107} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21.tmp Handle ID: 3120 Operation ID: {0,330098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar22.tmp Handle ID: 3120 Operation ID: {0,330093} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab21.tmp Handle ID: 3120 Operation ID: {0,330091} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3108 Operation ID: {0,330058} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3108 Operation ID: {0,330022} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3320 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3320 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3320 Operation ID: {0,329970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3300 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3300 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3300 Operation ID: {0,329946} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3104 Operation ID: {0,329810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20.tmp Handle ID: 1792 Operation ID: {0,329770} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F.tmp Handle ID: 1792 Operation ID: {0,329765} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20.tmp Handle ID: 1792 Operation ID: {0,329760} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3244 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20.tmp Handle ID: 3104 Operation ID: {0,329741} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3244 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F.tmp Handle ID: 1792 Operation ID: {0,329738} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F.tmp Handle ID: 3244 Operation ID: {0,329734} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F.tmp Handle ID: 3104 Operation ID: {0,329711} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar20.tmp Handle ID: 3104 Operation ID: {0,329703} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3244 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3244 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3244 Operation ID: {0,329686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1F.tmp Handle ID: 3100 Operation ID: {0,329680} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2848 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E.tmp Handle ID: 2848 Operation ID: {0,329613} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D.tmp Handle ID: 3064 Operation ID: {0,329605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E.tmp Handle ID: 3064 Operation ID: {0,329601} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3040 Operation ID: {0,329576} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E.tmp Handle ID: 3116 Operation ID: {0,329563} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D.tmp Handle ID: 3064 Operation ID: {0,329560} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D.tmp Handle ID: 3252 Operation ID: {0,329559} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D.tmp Handle ID: 3252 Operation ID: {0,329550} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1E.tmp Handle ID: 3252 Operation ID: {0,329547} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1D.tmp Handle ID: 3252 Operation ID: {0,329543} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,329481} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,329407} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,329335} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C.tmp Handle ID: 3104 Operation ID: {0,329282} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B.tmp Handle ID: 3104 Operation ID: {0,329279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C.tmp Handle ID: 3104 Operation ID: {0,329274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C.tmp Handle ID: 3240 Operation ID: {0,329254} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B.tmp Handle ID: 3104 Operation ID: {0,329253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B.tmp Handle ID: 3068 Operation ID: {0,329250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B.tmp Handle ID: 3068 Operation ID: {0,329243} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1C.tmp Handle ID: 3068 Operation ID: {0,329238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1B.tmp Handle ID: 3068 Operation ID: {0,329231} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2848 Operation ID: {0,329172} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2848 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2848 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2848 Operation ID: {0,329140} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A.tmp Handle ID: 3104 Operation ID: {0,329132} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19.tmp Handle ID: 3252 Operation ID: {0,329131} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A.tmp Handle ID: 1716 Operation ID: {0,329130} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3064 Operation ID: {0,329094} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A.tmp Handle ID: 2840 Operation ID: {0,329079} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3100 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19.tmp Handle ID: 1716 Operation ID: {0,329078} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19.tmp Handle ID: 3100 Operation ID: {0,329077} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3100 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19.tmp Handle ID: 3100 Operation ID: {0,329066} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar1A.tmp Handle ID: 3100 Operation ID: {0,329063} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab19.tmp Handle ID: 3100 Operation ID: {0,329059} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2840 Operation ID: {0,329024} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2840 Operation ID: {0,328986} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3260 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3260 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3260 Operation ID: {0,328945} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3116 Operation ID: {0,328885} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18.tmp Handle ID: 3068 Operation ID: {0,328847} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17.tmp Handle ID: 3068 Operation ID: {0,328842} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18.tmp Handle ID: 3068 Operation ID: {0,328839} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18.tmp Handle ID: 3116 Operation ID: {0,328824} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17.tmp Handle ID: 3068 Operation ID: {0,328823} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17.tmp Handle ID: 3252 Operation ID: {0,328822} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3252 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17.tmp Handle ID: 3252 Operation ID: {0,328811} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar18.tmp Handle ID: 3252 Operation ID: {0,328810} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3252 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab17.tmp Handle ID: 3252 Operation ID: {0,328806} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,328712} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2840 Operation ID: {0,328687} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16.tmp Handle ID: 1792 Operation ID: {0,328645} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15.tmp Handle ID: 1792 Operation ID: {0,328642} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16.tmp Handle ID: 1792 Operation ID: {0,328637} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16.tmp Handle ID: 2840 Operation ID: {0,328616} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15.tmp Handle ID: 1792 Operation ID: {0,328615} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15.tmp Handle ID: 3064 Operation ID: {0,328612} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3064 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15.tmp Handle ID: 3064 Operation ID: {0,328605} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar16.tmp Handle ID: 3064 Operation ID: {0,328600} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3064 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab15.tmp Handle ID: 3064 Operation ID: {0,328598} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,328536} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3108 Operation ID: {0,328453} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2844 Operation ID: {0,328390} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14.tmp Handle ID: 1712 Operation ID: {0,328337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13.tmp Handle ID: 2840 Operation ID: {0,328331} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14.tmp Handle ID: 2840 Operation ID: {0,328326} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12.tmp Handle ID: 3108 Operation ID: {0,328280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11.tmp Handle ID: 3108 Operation ID: {0,328279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12.tmp Handle ID: 3108 Operation ID: {0,328278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14.tmp Handle ID: 3120 Operation ID: {0,328277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13.tmp Handle ID: 2840 Operation ID: {0,328276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2840 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13.tmp Handle ID: 3196 Operation ID: {0,328275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13.tmp Handle ID: 3196 Operation ID: {0,328272} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar14.tmp Handle ID: 3196 Operation ID: {0,328271} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab13.tmp Handle ID: 3196 Operation ID: {0,328265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2840 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12.tmp Handle ID: 2840 Operation ID: {0,328230} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11.tmp Handle ID: 3120 Operation ID: {0,328227} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11.tmp Handle ID: 3108 Operation ID: {0,328226} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11.tmp Handle ID: 3108 Operation ID: {0,328215} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar12.tmp Handle ID: 3108 Operation ID: {0,328212} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab11.tmp Handle ID: 3108 Operation ID: {0,328206} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3120 Operation ID: {0,328203} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3196 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3196 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3196 Operation ID: {0,328147} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3108 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3108 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3108 Operation ID: {0,328125} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3240 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3240 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3240 Operation ID: {0,328092} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3236 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3236 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3236 Operation ID: {0,328042} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3232 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3232 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3232 Operation ID: {0,328016} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3128 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3128 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3128 Operation ID: {0,327961} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10.tmp Handle ID: 2836 Operation ID: {0,327921} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF.tmp Handle ID: 2836 Operation ID: {0,327916} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10.tmp Handle ID: 2836 Operation ID: {0,327911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3128 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3128 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3128 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10.tmp Handle ID: 3128 Operation ID: {0,327898} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF.tmp Handle ID: 2836 Operation ID: {0,327895} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF.tmp Handle ID: 1712 Operation ID: {0,327894} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF.tmp Handle ID: 1712 Operation ID: {0,327883} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar10.tmp Handle ID: 1712 Operation ID: {0,327880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabF.tmp Handle ID: 1712 Operation ID: {0,327876} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1792 Operation ID: {0,327788} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,327753} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE.tmp Handle ID: 2844 Operation ID: {0,327725} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD.tmp Handle ID: 2844 Operation ID: {0,327722} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE.tmp Handle ID: 2844 Operation ID: {0,327719} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE.tmp Handle ID: 1716 Operation ID: {0,327702} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD.tmp Handle ID: 2844 Operation ID: {0,327701} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD.tmp Handle ID: 3120 Operation ID: {0,327700} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD.tmp Handle ID: 3120 Operation ID: {0,327689} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarE.tmp Handle ID: 3120 Operation ID: {0,327686} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabD.tmp Handle ID: 3120 Operation ID: {0,327682} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3112 Operation ID: {0,327620} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,327539} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3112 Operation ID: {0,327473} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA.tmp Handle ID: 1716 Operation ID: {0,327386} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9.tmp Handle ID: 1716 Operation ID: {0,327385} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA.tmp Handle ID: 1716 Operation ID: {0,327384} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC.tmp Handle ID: 3068 Operation ID: {0,327377} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB.tmp Handle ID: 3068 Operation ID: {0,327372} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC.tmp Handle ID: 3068 Operation ID: {0,327371} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3040 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2836 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1792 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2836 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1792 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3068 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC.tmp Handle ID: 2836 Operation ID: {0,327368} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3040 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB.tmp Handle ID: 3068 Operation ID: {0,327367} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB.tmp Handle ID: 3040 Operation ID: {0,327366} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA.tmp Handle ID: 1792 Operation ID: {0,327363} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9.tmp Handle ID: 1716 Operation ID: {0,327360} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9.tmp Handle ID: 1672 Operation ID: {0,327359} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB.tmp Handle ID: 1672 Operation ID: {0,327347} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarC.tmp Handle ID: 1672 Operation ID: {0,327345} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\CabB.tmp Handle ID: 1672 Operation ID: {0,327337} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9.tmp Handle ID: 1672 Operation ID: {0,327328} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\TarA.tmp Handle ID: 3068 Operation ID: {0,327317} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3068 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab9.tmp Handle ID: 3068 Operation ID: {0,327293} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,327283} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3120 Operation ID: {0,327228} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1716 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1716 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1716 Operation ID: {0,327207} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3120 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3120 Operation ID: {0,327166} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3208 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3208 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3208 Operation ID: {0,327135} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3204 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3204 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3204 Operation ID: {0,327097} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8.tmp Handle ID: 3116 Operation ID: {0,327002} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7.tmp Handle ID: 3116 Operation ID: {0,327001} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8.tmp Handle ID: 3116 Operation ID: {0,326998} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6.tmp Handle ID: 2844 Operation ID: {0,326997} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5.tmp Handle ID: 2844 Operation ID: {0,326996} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3112 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6.tmp Handle ID: 2844 Operation ID: {0,326995} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2844 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8.tmp Handle ID: 3112 Operation ID: {0,326988} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7.tmp Handle ID: 3116 Operation ID: {0,326987} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7.tmp Handle ID: 3104 Operation ID: {0,326984} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3104 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7.tmp Handle ID: 3116 Operation ID: {0,326973} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar8.tmp Handle ID: 3116 Operation ID: {0,326970} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3112 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab7.tmp Handle ID: 3112 Operation ID: {0,326964} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3116 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2844 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6.tmp Handle ID: 3116 Operation ID: {0,326915} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3104 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5.tmp Handle ID: 2844 Operation ID: {0,326913} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5.tmp Handle ID: 3104 Operation ID: {0,326911} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3128 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3128 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5.tmp Handle ID: 3128 Operation ID: {0,326888} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3100 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3128 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar6.tmp Handle ID: 3128 Operation ID: {0,326867} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3100 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3100 Operation ID: {0,326874} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3116 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab5.tmp Handle ID: 3116 Operation ID: {0,326863} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1712 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1712 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1712 Operation ID: {0,326801} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3184 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3176 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3184 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3184 Operation ID: {0,326660} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3176 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3176 Operation ID: {0,326657} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2024 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2024 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2024 Operation ID: {0,325694} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2024 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2024 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2024 Operation ID: {0,325657} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2024 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2024 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2024 Operation ID: {0,325618} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1864 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:14 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1864 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:14 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1864 Operation ID: {0,323465} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1688 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1688 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 1688 Operation ID: {0,322545} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2592 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2592 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2592 Operation ID: {0,321556} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4216 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4216 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4216 Operation ID: {0,318886} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4240 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4240 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4240 Operation ID: {0,316199} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4204 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4204 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4204 Operation ID: {0,313476} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4280 Operation ID: {0,310557} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4156 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4156 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4156 Operation ID: {0,304350} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4240 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:13 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4240 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:13 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4240 Operation ID: {0,298321} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4216 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4216 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4216 Operation ID: {0,292153} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4220 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4220 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4220 Operation ID: {0,285827} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4220 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4220 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4220 Operation ID: {0,280167} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4220 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4220 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4220 Operation ID: {0,273941} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4260 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4260 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4260 Operation ID: {0,255686} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2348 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2348 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2348 Operation ID: {0,248921} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4184 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4184 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4184 Operation ID: {0,242299} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4140 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4140 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4140 Operation ID: {0,236764} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 572 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 572 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 572 Operation ID: {0,236417} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Privileges: - Restricted Sid Count: 0 Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 572 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 572 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 572 Operation ID: {0,236415} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Privileges: - Restricted Sid Count: 0 Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 568 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 568 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 568 Operation ID: {0,236147} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x20080 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 568 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 568 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 568 Operation ID: {0,236132} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Privileges: - Restricted Sid Count: 0 Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 568 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 568 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 568 Operation ID: {0,236131} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Privileges: - Restricted Sid Count: 0 Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 544 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 544 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 544 Operation ID: {0,236117} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Privileges: - Restricted Sid Count: 0 Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 544 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:12 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 544 Object Type: File Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: READ_CONTROL Access Mask: 0x20000 " 4/17/2020 11:47:12 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 544 Operation ID: {0,236115} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Privileges: - Restricted Sid Count: 0 Access Mask: 0x20000 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,233558} Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2348 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2348 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2348 Operation ID: {0,232987} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 172 Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 172 Object Type: Key Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 172 Operation ID: {0,230127} Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,230014} Process ID: 3968 Image File Name: C:\WINDOWS\system32\vssvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1280 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1280 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1280 Operation ID: {0,228937} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4144 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4144 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4144 Operation ID: {0,228148} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 524 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 524 Object Type: Key Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 524 Operation ID: {0,225939} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4144 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4144 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4144 Operation ID: {0,224856} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4060 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4060 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4060 Operation ID: {0,222051} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2824 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2824 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2824 Operation ID: {0,219309} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4164 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4164 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4164 Operation ID: {0,216221} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2848 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2848 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2848 Operation ID: {0,213225} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2800 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2800 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2800 Operation ID: {0,210457} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3772 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3772 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3772 Operation ID: {0,192938} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3584 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3584 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3584 Operation ID: {0,192853} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 348 Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 348 Object Type: Key Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 348 Operation ID: {0,171340} Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,168575} Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,168537} Process ID: 3256 Image File Name: C:\WINDOWS\system32\dllhost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1548 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1548 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1548 Operation ID: {0,167458} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2468 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2468 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2468 Operation ID: {0,163976} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: SQLServer Client Domain: AERODB Client Logon ID: (0x0,0x16ED7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2472 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2472 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2472 Operation ID: {0,163753} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: SQLServer Client Domain: AERODB Client Logon ID: (0x0,0x16ED7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2096 Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2096 Object Type: Key Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2096 Operation ID: {0,163563} Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x16ED7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 396 Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 396 Object Type: Key Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 396 Operation ID: {0,154025} Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 316 Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 316 Object Type: Key Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 316 Operation ID: {0,151656} Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,147288} Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,147282} Process ID: 6016 Image File Name: C:\WINDOWS\system32\dllhost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 64 Operation ID: {0,146504} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,146317} Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 68 Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 68 Object Type: Key Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 68 Operation ID: {0,146259} Process ID: 5996 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 64 Operation ID: {0,145880} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 5336 Process ID: 420 Image File Name: C:\WINDOWS\system32\csrss.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 5336 Object Type: Key Process ID: 420 Image File Name: C:\WINDOWS\system32\csrss.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 5336 Operation ID: {0,144490} Process ID: 420 Image File Name: C:\WINDOWS\system32\csrss.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: SQLServer Client Domain: AERODB Client Logon ID: (0x0,0x22B91) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 148 Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 148 Object Type: Key Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 148 Operation ID: {0,143594} Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x22B91) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 72 Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 72 Object Type: Key Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 72 Operation ID: {0,143560} Process ID: 5700 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x22B91) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1492 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1492 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1492 Operation ID: {0,142379} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Logon/Logoff 576 AERODB\SQLServer AERODB "Special privileges assigned to new logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x22B91) Privileges: SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:09 AM Security Success Audit Logon/Logoff 528 AERODB\SQLServer AERODB "Successful Logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x22B91) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:09 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: SQLServer Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:47:09 AM Security Success Audit Account Logon 680 AERODB\SQLServer AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: SQLServer Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2236 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2236 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2236 Operation ID: {0,139871} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1456 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1456 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1456 Operation ID: {0,139442} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2084 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2084 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2084 Operation ID: {0,139380} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1452 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1452 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1452 Operation ID: {0,139267} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,139182} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,139110} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,139040} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1452 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1452 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1452 Operation ID: {0,138948} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,138875} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,138805} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,138733} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 560 Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 560 Object Type: Key Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 560 Operation ID: {0,136944} Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1452 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1452 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1452 Operation ID: {0,136305} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1440 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1440 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1440 Operation ID: {0,136237} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,135156} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,135085} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,134859} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2080 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2080 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2080 Operation ID: {0,134774} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 320 Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe " 4/17/2020 11:47:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 320 Object Type: Key Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 320 Operation ID: {0,133289} Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 3684 Image File Name: C:\WINDOWS\system32\rsmsink.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 3684 Image File Name: C:\WINDOWS\system32\rsmsink.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,126973} Process ID: 3684 Image File Name: C:\WINDOWS\system32\rsmsink.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 3684 Image File Name: C:\WINDOWS\system32\rsmsink.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 3684 Image File Name: C:\WINDOWS\system32\rsmsink.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,126964} Process ID: 3684 Image File Name: C:\WINDOWS\system32\rsmsink.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 172 Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 172 Object Type: Key Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 172 Operation ID: {0,120951} Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,120880} Process ID: 3528 Image File Name: C:\WINDOWS\system32\wbem\wmiprvse.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 292 Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 292 Object Type: Key Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 292 Operation ID: {0,117956} Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1404 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1404 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1404 Operation ID: {0,116182} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,116094} Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 68 Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 68 Object Type: Key Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 68 Operation ID: {0,116003} Process ID: 3272 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1376 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1376 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1376 Operation ID: {0,115799} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 152 Process ID: 3184 Image File Name: C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 152 Object Type: Key Process ID: 3184 Image File Name: C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 152 Operation ID: {0,115691} Process ID: 3184 Image File Name: C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 3184 Image File Name: C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 3184 Image File Name: C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,115659} Process ID: 3184 Image File Name: C:\Program Files\VMware\VMware Tools\VMUpgradeHelper.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1380 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1380 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1380 Operation ID: {0,113952} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1380 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 1380 Operation ID: {0,113737} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001B " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1372 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 1372 Operation ID: {0,113728} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001B " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2672 Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2672 Object Type: Key Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2672 Operation ID: {0,113549} Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x161E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 2480 Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 2480 Object Type: Key Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2480 Operation ID: {0,113246} Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x161E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 3040 Image File Name: C:\WINDOWS\system32\rsserv.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 3040 Image File Name: C:\WINDOWS\system32\rsserv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,112402} Process ID: 3040 Image File Name: C:\WINDOWS\system32\rsserv.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 3040 Image File Name: C:\WINDOWS\system32\rsserv.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 3040 Image File Name: C:\WINDOWS\system32\rsserv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,112393} Process ID: 3040 Image File Name: C:\WINDOWS\system32\rsserv.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1356 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1356 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1356 Operation ID: {0,112233} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 304 Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 304 Object Type: Key Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 304 Operation ID: {0,111984} Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,111653} Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 96 Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 96 Object Type: Key Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 96 Operation ID: {0,111546} Process ID: 2876 Image File Name: C:\WINDOWS\system32\mqsvc.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1532 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1532 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Memory Management Handle ID: 1532 Operation ID: {0,108807} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1336 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1336 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1336 Operation ID: {0,108589} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,108128} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 40 Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe " 4/17/2020 11:47:08 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 40 Object Type: Key Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:08 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 40 Operation ID: {0,108049} Process ID: 2792 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x19B93) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 468 Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 468 Object Type: Key Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 468 Operation ID: {0,106410} Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: LOCAL SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1304 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1304 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1304 Operation ID: {0,105485} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 576 AERODB\SQLServer AERODB "Special privileges assigned to new logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x19B93) Privileges: SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 528 AERODB\SQLServer AERODB "Successful Logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x19B93) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: SQLServer Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Account Logon 680 AERODB\SQLServer AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: SQLServer Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 152 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 152 Object Type: Key Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 152 Operation ID: {0,103965} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 148 Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 148 Object Type: Key Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 148 Operation ID: {0,103924} Process ID: 2712 Image File Name: C:\Program Files\VMware\VMware Tools\vmtoolsd.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1300 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1300 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1300 Operation ID: {0,103022} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 2648 Image File Name: C:\WINDOWS\system32\smlogsvc.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 2648 Image File Name: C:\WINDOWS\system32\smlogsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,102844} Process ID: 2648 Image File Name: C:\WINDOWS\system32\smlogsvc.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 348 Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 348 Object Type: Key Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 348 Operation ID: {0,102769} Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x18A17) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x19115) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: MONITORING1 Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.14 Source Port: 0 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 2648 Image File Name: C:\WINDOWS\system32\smlogsvc.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 2648 Image File Name: C:\WINDOWS\system32\smlogsvc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,102673} Process ID: 2648 Image File Name: C:\WINDOWS\system32\smlogsvc.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 432 Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 432 Object Type: Key Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 432 Operation ID: {0,102578} Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 328 Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 328 Object Type: Key Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 328 Operation ID: {0,102346} Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x18A17) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1284 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1284 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1284 Operation ID: {0,101898} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 44 Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 44 Object Type: Key Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 44 Operation ID: {0,101746} Process ID: 2620 Image File Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x18A17) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1264 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1264 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1264 Operation ID: {0,101030} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 576 AERODB\SQLServer AERODB "Special privileges assigned to new logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x18A17) Privileges: SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 528 AERODB\SQLServer AERODB "Successful Logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x18A17) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: SQLServer Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Account Logon 680 AERODB\SQLServer AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: SQLServer Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 72 Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 72 Object Type: Key Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 72 Operation ID: {0,100807} Process ID: 2592 Image File Name: C:\WINDOWS\system32\snmp.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1236 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1236 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1236 Operation ID: {0,99890} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 912 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 912 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 912 Operation ID: {0,98771} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 792 Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 792 Object Type: Key Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 792 Operation ID: {0,97496} Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x16ED7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: Key Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 764 Operation ID: {0,97261} Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x16ED7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 540 Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 540 Object Type: Key Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 540 Operation ID: {0,96944} Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x16ED7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1828 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1828 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1828 Operation ID: {0,96088} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL WRITE_DAC WRITE_OWNER Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Create Link Privileges: - Restricted Sid Count: 0 Access Mask: 0xF003F " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 348 Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 348 Object Type: Key Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 348 Operation ID: {0,95980} Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x16ED7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 36 Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 36 Object Type: Key Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 36 Operation ID: {0,94601} Process ID: 2176 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x16ED7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1232 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1232 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1232 Operation ID: {0,94071} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2076 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2076 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,93981} Process ID: 2076 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: LOCAL SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 576 AERODB\SQLServer AERODB "Special privileges assigned to new logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x16ED7) Privileges: SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 528 AERODB\SQLServer AERODB "Successful Logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x16ED7) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: SQLServer Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Account Logon 680 AERODB\SQLServer AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: SQLServer Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 2076 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 2076 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 64 Operation ID: {0,93036} Process ID: 2076 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: LOCAL SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 500 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 500 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 500 Operation ID: {0,92979} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1560 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1560 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 1560 Operation ID: {0,92713} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 256 Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 256 Object Type: Key Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 256 Operation ID: {0,92136} Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x161E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1200 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1200 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1200 Operation ID: {0,92044} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,91536} Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x161E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 52 Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 52 Object Type: Key Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 52 Operation ID: {0,91491} Process ID: 1968 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe Primary User Name: SQLServer Primary Domain: AERODB Primary Logon ID: (0x0,0x161E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1184 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1184 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1184 Operation ID: {0,91194} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1544 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1544 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1544 Operation ID: {0,91144} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: SQLServer Client Domain: AERODB Client Logon ID: (0x0,0x161E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\SQLServer AERODB "Handle Closed: Object Server: Security Handle ID: 1544 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\SQLServer AERODB "Object Access Attempt: Object Server: Security Handle ID: 1544 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\SQLServer AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1544 Operation ID: {0,91098} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: SQLServer Client Domain: AERODB Client Logon ID: (0x0,0x161E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1868 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1868 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1868 Operation ID: {0,90819} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 576 AERODB\SQLServer AERODB "Special privileges assigned to new logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x161E7) Privileges: SeAssignPrimaryTokenPrivilege SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 528 AERODB\SQLServer AERODB "Successful Logon: User Name: SQLServer Domain: AERODB Logon ID: (0x0,0x161E7) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: SQLServer Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Account Logon 680 AERODB\SQLServer AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: SQLServer Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 48 Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 48 Object Type: Key Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 48 Operation ID: {0,90242} Process ID: 1836 Image File Name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x14901) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1160 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1160 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1160 Operation ID: {0,86696} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1544 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1544 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1544 Operation ID: {0,86621} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1544 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1544 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1544 Operation ID: {0,86556} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: Administrator Client Domain: AERODB Client Logon ID: (0x0,0x14901) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Account Manager Handle ID: 766224 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Account Manager Object Type: SAM_DOMAIN Object Name: AERODB Handle ID: 766224 Operation ID: {0,85785} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: CreateLocalGroup LookupIDs Privileges: - Restricted Sid Count: 0 Access Mask: 0x240 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1880 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:47:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1880 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1880 Operation ID: {0,85269} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 576 AERODB\Administrator AERODB "Special privileges assigned to new logon: User Name: Domain: Logon ID: (0x0,0x14901) Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege" 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 528 AERODB\Administrator AERODB "Successful Logon: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x14901) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: AERODB Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Logon/Logoff 552 NT AUTHORITY\SYSTEM AERODB "Logon attempt using explicit credentials: Logged on user: User Name: AERODB$ Domain: AIS Logon ID: (0x0,0x3E7) Logon GUID: - User whose credentials were used: Target User Name: Administrator Target Domain: AERODB Target Logon GUID: - Target Server Name: localhost Target Server Info: localhost Caller Process ID: 496 Source Network Address: - Source Port: - " 4/17/2020 11:47:07 AM Security Success Audit Account Logon 680 AERODB\Administrator AERODB "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: administrator Source Workstation: AERODB Error Code: 0x0 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 784 Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe " 4/17/2020 11:47:04 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 784 Object Type: Key Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 784 Operation ID: {0,82847} Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 756 Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe " 4/17/2020 11:47:04 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 756 Object Type: Key Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 756 Operation ID: {0,82628} Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 532 Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe " 4/17/2020 11:47:04 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 532 Object Type: Key Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 532 Operation ID: {0,82314} Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 504 Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe " 4/17/2020 11:47:04 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 504 Object Type: Key Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 504 Operation ID: {0,81609} Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x13DAE) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:47:04 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 344 Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe " 4/17/2020 11:47:04 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 344 Object Type: Key Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 344 Operation ID: {0,81304} Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 36 Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe " 4/17/2020 11:47:04 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 36 Object Type: Key Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:04 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 36 Operation ID: {0,80685} Process ID: 1628 Image File Name: C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1084 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1084 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1084 Operation ID: {0,80464} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,80237} Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,80228} Process ID: 1600 Image File Name: C:\WINDOWS\system32\inetsrv\inetinfo.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1068 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1068 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1068 Operation ID: {0,80127} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,79332} Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 68 Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 68 Object Type: Key Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 68 Operation ID: {0,79288} Process ID: 1524 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1044 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1044 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1044 Operation ID: {0,78927} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 272 Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 272 Object Type: Key Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 272 Operation ID: {0,77889} Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,77506} Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 116 Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 116 Object Type: Key Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 116 Operation ID: {0,77485} Process ID: 1376 Image File Name: C:\WINDOWS\system32\msdtc.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1028 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1028 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1028 Operation ID: {0,77050} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 180 Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: Key Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 180 Operation ID: {0,76591} Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,76503} Process ID: 1312 Image File Name: C:\WINDOWS\system32\spoolsv.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1012 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:47:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1012 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1012 Operation ID: {0,76415} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4.tmp Handle ID: 2596 Operation ID: {0,76274} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3.tmp Handle ID: 2596 Operation ID: {0,76269} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4.tmp Handle ID: 2596 Operation ID: {0,76264} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2596 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2596 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4.tmp Handle ID: 2600 Operation ID: {0,76253} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3.tmp Handle ID: 2596 Operation ID: {0,76250} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3.tmp Handle ID: 2592 Operation ID: {0,76249} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2592 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3.tmp Handle ID: 2592 Operation ID: {0,76238} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar4.tmp Handle ID: 2592 Operation ID: {0,76237} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3.tmp Handle ID: 2592 Operation ID: {0,76233} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,76200} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2600 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2600 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2600 Operation ID: {0,76164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2592 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:47:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2592 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:47:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2592 Operation ID: {0,76119} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2.tmp Handle ID: 2492 Operation ID: {0,75280} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1.tmp Handle ID: 2492 Operation ID: {0,75279} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2.tmp Handle ID: 2492 Operation ID: {0,75278} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2500 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2.tmp Handle ID: 2500 Operation ID: {0,75277} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1.tmp Handle ID: 2492 Operation ID: {0,75276} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1.tmp Handle ID: 2496 Operation ID: {0,75275} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2492 Object Type: File Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1.tmp Handle ID: 2492 Operation ID: {0,75268} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar2.tmp Handle ID: 2492 Operation ID: {0,75267} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2492 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab1.tmp Handle ID: 2492 Operation ID: {0,75265} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2500 Operation ID: {0,75236} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2500 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2500 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2500 Operation ID: {0,75204} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2496 Operation ID: {0,75164} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2356 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2356 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2356 Operation ID: {0,74880} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2060 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2060 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 2060 Operation ID: {0,74304} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 1460 Operation ID: {0,72403} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1460 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1460 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1460 Operation ID: {0,72339} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 992 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 992 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1012 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1012 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WRITE_DAC Access Mask: 0x40000 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1008 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\SA.DAT Handle ID: 992 Operation ID: {0,71677} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL WRITE_DAC SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x16019F " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 836 Object Type: File Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Tasks\SchedLgU.Txt Handle ID: 836 Operation ID: {0,71530} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 328 Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 328 Object Type: Key Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 328 Operation ID: {0,70800} Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,70619} Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 444 Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 444 Object Type: Key Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 444 Operation ID: {0,70130} Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3504 Process ID: 4 Image File Name: " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\TEMP Handle ID: -2147480144 Operation ID: {0,69753} Process ID: 680 Image File Name: Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteData (or AddFile) Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100002 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 428 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 428 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 428 Operation ID: {0,69173} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 964 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 964 Operation ID: {0,68908} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001B " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 964 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 964 Operation ID: {0,68903} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001B " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,68693} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 68 Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 68 Object Type: Key Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 68 Operation ID: {0,68655} Process ID: 960 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 952 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 952 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 952 Operation ID: {0,68569} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,68435} Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: LOCAL SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 68 Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 68 Object Type: Key Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 68 Operation ID: {0,68398} Process ID: 936 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: LOCAL SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E5) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 948 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 948 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 948 Operation ID: {0,68300} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 332 Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 332 Object Type: Key Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 332 Operation ID: {0,68262} Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 1200 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 1200 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1200 Operation ID: {0,68198} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: LOCAL SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E5) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\LOCAL SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 1200 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\LOCAL SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 1200 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\LOCAL SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1200 Operation ID: {0,68164} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: LOCAL SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E5) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1744 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1744 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1744 Operation ID: {0,68059} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Logon/Logoff 576 NT AUTHORITY\LOCAL SERVICE AERODB "Special privileges assigned to new logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege" 4/17/2020 11:46:59 AM Security Success Audit Logon/Logoff 528 NT AUTHORITY\LOCAL SERVICE AERODB "Successful Logon: User Name: LOCAL SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E5) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 64 Operation ID: {0,67752} Process ID: 900 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 928 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 928 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 928 Operation ID: {0,67653} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 180 Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 180 Object Type: Key Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 180 Operation ID: {0,66982} Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 64 Operation ID: {0,66913} Process ID: 836 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: NETWORK SERVICE Primary Domain: NT AUTHORITY Primary Logon ID: (0x0,0x3E4) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 736 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 736 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 736 Operation ID: {0,66815} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 1164 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 1164 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1164 Operation ID: {0,66758} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\NETWORK SERVICE AERODB "Handle Closed: Object Server: Security Handle ID: 1164 Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\NETWORK SERVICE AERODB "Object Access Attempt: Object Server: Security Handle ID: 1164 Object Type: Key Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\NETWORK SERVICE AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1164 Operation ID: {0,66711} Process ID: 508 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1736 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1736 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1736 Operation ID: {0,66530} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: AERODB$ Client Domain: AIS Client Logon ID: (0x0,0x3E7) Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 848 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Logon/Logoff 576 NT AUTHORITY\NETWORK SERVICE AERODB "Special privileges assigned to new logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Privileges: SeAuditPrivilege SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege" 4/17/2020 11:46:59 AM Security Success Audit Logon/Logoff 528 NT AUTHORITY\NETWORK SERVICE AERODB "Successful Logon: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon Type: 5 Logon Process: Advapi Authentication Package: Negotiate Workstation Name: Logon GUID: - Caller User Name: AERODB$ Caller Domain: AIS Caller Logon ID: (0x0,0x3E7) Caller Process ID: 496 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 848 Operation ID: {0,66292} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001B " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 740 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 740 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Security Handle ID: 740 Operation ID: {0,66234} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001B " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1028 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1028 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1028 Operation ID: {0,66168} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,65884} Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 688 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 688 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 688 Operation ID: {0,65828} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 64 Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 64 Object Type: Key Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 64 Operation ID: {0,65750} Process ID: 780 Image File Name: C:\WINDOWS\system32\svchost.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 684 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 684 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 684 Operation ID: {0,65658} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 736 Image File Name: C:\Program Files\VMware\VMware Tools\vmacthlp.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 736 Image File Name: C:\Program Files\VMware\VMware Tools\vmacthlp.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,65157} Process ID: 736 Image File Name: C:\Program Files\VMware\VMware Tools\vmacthlp.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 488 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 488 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 488 Operation ID: {0,65098} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 44 Process ID: 736 Image File Name: C:\Program Files\VMware\VMware Tools\vmacthlp.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 44 Object Type: Key Process ID: 736 Image File Name: C:\Program Files\VMware\VMware Tools\vmacthlp.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 44 Operation ID: {0,65090} Process ID: 736 Image File Name: C:\Program Files\VMware\VMware Tools\vmacthlp.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 688 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 688 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 688 Operation ID: {0,64902} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,64071} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,63799} Process ID: 680 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 672 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 672 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 672 Operation ID: {0,63627} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 544 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 544 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 544 Operation ID: {0,62223} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 460 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 460 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 460 Operation ID: {0,61727} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 348 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 348 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SFC Handle ID: 348 Operation ID: {0,61493} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Set key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x2 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 348 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 348 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:46:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SFC Handle ID: 348 Operation ID: {0,61491} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Set key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x2 " 4/17/2020 11:46:59 AM Security Success Audit Logon/Logoff 528 NT AUTHORITY\SYSTEM AERODB "Successful Logon: User Name: SYSTEM Domain: NT AUTHORITY Logon ID: (0x0,0x3E7) Logon Type: 0 Logon Process: - Authentication Package: - Workstation Name: - Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: 4 Transited Services: - Source Network Address: - Source Port: - " 4/17/2020 11:46:03 AM SECURITY Success Audit System Event 513 N/A AERODB Windows is shutting down. All logon sessions will be terminated by this shutdown. 4/17/2020 11:46:02 AM Security Success Audit Logon/Logoff 551 AERODB\Administrator AERODB "User initiated logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x2346d7) " 4/17/2020 11:46:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 508 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 508 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 508 Operation ID: {0,9092390} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 508 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 508 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:46:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SFC Handle ID: 508 Operation ID: {0,9092386} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Set key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x2 " 4/17/2020 11:46:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 508 Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe " 4/17/2020 11:46:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 508 Object Type: Key Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Accesses: Set key value Access Mask: 0x2 " 4/17/2020 11:46:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\SFC Handle ID: 508 Operation ID: {0,9092383} Process ID: 448 Image File Name: C:\WINDOWS\system32\winlogon.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Set key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x2 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 672 Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 672 Object Type: Key Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 672 Operation ID: {0,9091608} Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x2346D7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 676 Object Type: Key Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 676 Operation ID: {0,9091534} Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x2346D7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 544 Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 544 Object Type: Key Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 544 Operation ID: {0,9091237} Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x2346D7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,9089440} Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x2346D7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:00 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,9089200} Process ID: 3256 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x2346D7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:46:00 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:46:00 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2272 Operation ID: {0,9088939} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2272 Operation ID: {0,9087850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:57 AM Security Success Audit Logon/Logoff 551 AERODB\Administrator AERODB "User initiated logoff: User Name: Administrator Domain: AERODB Logon ID: (0x0,0x523ca) " 4/17/2020 11:45:49 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 776 Process ID: 5612 Image File Name: C:\WINDOWS\explorer.exe " 4/17/2020 11:45:49 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 776 Object Type: Key Process ID: 5612 Image File Name: C:\WINDOWS\explorer.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:49 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Power Handle ID: 776 Operation ID: {0,9081882} Process ID: 5612 Image File Name: C:\WINDOWS\explorer.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 128 Process ID: 5480 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 128 Object Type: Key Process ID: 5480 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 128 Operation ID: {0,9073046} Process ID: 5480 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 5480 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 5480 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,9072981} Process ID: 5480 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3579.tmp Handle ID: 3912 Operation ID: {0,9072749} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3578.tmp Handle ID: 3912 Operation ID: {0,9072744} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3579.tmp Handle ID: 3912 Operation ID: {0,9072741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3579.tmp Handle ID: 3576 Operation ID: {0,9072728} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3578.tmp Handle ID: 3912 Operation ID: {0,9072725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3578.tmp Handle ID: 2496 Operation ID: {0,9072724} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3578.tmp Handle ID: 2496 Operation ID: {0,9072715} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3579.tmp Handle ID: 2496 Operation ID: {0,9072710} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3578.tmp Handle ID: 2496 Operation ID: {0,9072706} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9072655} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9072591} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3577.tmp Handle ID: 1524 Operation ID: {0,9072559} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3576.tmp Handle ID: 1524 Operation ID: {0,9072552} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3577.tmp Handle ID: 1524 Operation ID: {0,9072549} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3577.tmp Handle ID: 2496 Operation ID: {0,9072530} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3576.tmp Handle ID: 1524 Operation ID: {0,9072529} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3576.tmp Handle ID: 1656 Operation ID: {0,9072528} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3576.tmp Handle ID: 1656 Operation ID: {0,9072517} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3577.tmp Handle ID: 1656 Operation ID: {0,9072516} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3576.tmp Handle ID: 1656 Operation ID: {0,9072510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2496 Operation ID: {0,9072477} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2496 Operation ID: {0,9072439} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9072398} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,9072353} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3575.tmp Handle ID: 2496 Operation ID: {0,9072326} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3574.tmp Handle ID: 2496 Operation ID: {0,9072319} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3575.tmp Handle ID: 2496 Operation ID: {0,9072314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3575.tmp Handle ID: 3576 Operation ID: {0,9072299} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3574.tmp Handle ID: 2496 Operation ID: {0,9072298} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3574.tmp Handle ID: 3388 Operation ID: {0,9072295} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3574.tmp Handle ID: 3388 Operation ID: {0,9072290} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3575.tmp Handle ID: 3388 Operation ID: {0,9072285} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3574.tmp Handle ID: 3388 Operation ID: {0,9072281} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9072228} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9072167} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3573.tmp Handle ID: 1656 Operation ID: {0,9072134} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3572.tmp Handle ID: 1656 Operation ID: {0,9072128} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3573.tmp Handle ID: 1656 Operation ID: {0,9072123} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3573.tmp Handle ID: 3388 Operation ID: {0,9072108} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3572.tmp Handle ID: 1656 Operation ID: {0,9072105} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3572.tmp Handle ID: 3024 Operation ID: {0,9072104} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3572.tmp Handle ID: 3024 Operation ID: {0,9072095} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3573.tmp Handle ID: 3024 Operation ID: {0,9072090} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3572.tmp Handle ID: 3024 Operation ID: {0,9072086} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,9072053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,9072015} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071972} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,9071926} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3571.tmp Handle ID: 3388 Operation ID: {0,9071899} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3570.tmp Handle ID: 3388 Operation ID: {0,9071894} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3571.tmp Handle ID: 3388 Operation ID: {0,9071891} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3571.tmp Handle ID: 3576 Operation ID: {0,9071876} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3570.tmp Handle ID: 3388 Operation ID: {0,9071873} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3570.tmp Handle ID: 3912 Operation ID: {0,9071872} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3570.tmp Handle ID: 3912 Operation ID: {0,9071861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3571.tmp Handle ID: 3912 Operation ID: {0,9071856} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3570.tmp Handle ID: 3912 Operation ID: {0,9071852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071801} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071738} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356F.tmp Handle ID: 3024 Operation ID: {0,9071695} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356E.tmp Handle ID: 3024 Operation ID: {0,9071688} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356F.tmp Handle ID: 3024 Operation ID: {0,9071683} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356F.tmp Handle ID: 3912 Operation ID: {0,9071668} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356E.tmp Handle ID: 3024 Operation ID: {0,9071665} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356E.tmp Handle ID: 1524 Operation ID: {0,9071664} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356E.tmp Handle ID: 1524 Operation ID: {0,9071653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356F.tmp Handle ID: 1524 Operation ID: {0,9071652} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356E.tmp Handle ID: 1524 Operation ID: {0,9071646} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,9071611} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,9071573} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071532} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,9071487} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356D.tmp Handle ID: 1524 Operation ID: {0,9071460} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356C.tmp Handle ID: 1524 Operation ID: {0,9071451} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356D.tmp Handle ID: 1524 Operation ID: {0,9071446} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356D.tmp Handle ID: 3576 Operation ID: {0,9071433} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356C.tmp Handle ID: 1524 Operation ID: {0,9071430} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356C.tmp Handle ID: 3024 Operation ID: {0,9071429} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356C.tmp Handle ID: 3024 Operation ID: {0,9071420} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356D.tmp Handle ID: 3024 Operation ID: {0,9071415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356C.tmp Handle ID: 3024 Operation ID: {0,9071411} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071358} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071297} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356B.tmp Handle ID: 1524 Operation ID: {0,9071263} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356A.tmp Handle ID: 1524 Operation ID: {0,9071258} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356B.tmp Handle ID: 1524 Operation ID: {0,9071255} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356B.tmp Handle ID: 1656 Operation ID: {0,9071240} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356A.tmp Handle ID: 1524 Operation ID: {0,9071237} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356A.tmp Handle ID: 3912 Operation ID: {0,9071236} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356A.tmp Handle ID: 3912 Operation ID: {0,9071225} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar356B.tmp Handle ID: 3912 Operation ID: {0,9071224} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab356A.tmp Handle ID: 3912 Operation ID: {0,9071218} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1656 Operation ID: {0,9071185} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1656 Operation ID: {0,9071147} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9071104} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3569.tmp Handle ID: 3912 Operation ID: {0,9071070} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3568.tmp Handle ID: 3912 Operation ID: {0,9071065} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3569.tmp Handle ID: 3912 Operation ID: {0,9071060} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3569.tmp Handle ID: 1656 Operation ID: {0,9071046} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3568.tmp Handle ID: 3912 Operation ID: {0,9071044} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3568.tmp Handle ID: 1524 Operation ID: {0,9071043} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3568.tmp Handle ID: 1524 Operation ID: {0,9071034} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3569.tmp Handle ID: 1524 Operation ID: {0,9071029} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3568.tmp Handle ID: 1524 Operation ID: {0,9071025} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070974} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070911} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3567.tmp Handle ID: 3024 Operation ID: {0,9070879} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3566.tmp Handle ID: 3024 Operation ID: {0,9070872} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3567.tmp Handle ID: 3024 Operation ID: {0,9070869} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3024 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3024 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3567.tmp Handle ID: 1524 Operation ID: {0,9070854} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3566.tmp Handle ID: 3024 Operation ID: {0,9070851} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3566.tmp Handle ID: 4056 Operation ID: {0,9070850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3566.tmp Handle ID: 4056 Operation ID: {0,9070840} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3567.tmp Handle ID: 4056 Operation ID: {0,9070837} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3566.tmp Handle ID: 4056 Operation ID: {0,9070833} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,9070800} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,9070764} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,9070725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3565.tmp Handle ID: 2776 Operation ID: {0,9070663} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3564.tmp Handle ID: 2776 Operation ID: {0,9070656} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3565.tmp Handle ID: 2776 Operation ID: {0,9070651} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3565.tmp Handle ID: 1524 Operation ID: {0,9070638} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3564.tmp Handle ID: 2776 Operation ID: {0,9070635} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3564.tmp Handle ID: 4056 Operation ID: {0,9070634} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3564.tmp Handle ID: 4056 Operation ID: {0,9070621} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3565.tmp Handle ID: 4056 Operation ID: {0,9070618} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3564.tmp Handle ID: 4056 Operation ID: {0,9070614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070563} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070500} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3563.tmp Handle ID: 1656 Operation ID: {0,9070470} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3562.tmp Handle ID: 1656 Operation ID: {0,9070463} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3563.tmp Handle ID: 1656 Operation ID: {0,9070458} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3563.tmp Handle ID: 4056 Operation ID: {0,9070443} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3562.tmp Handle ID: 1656 Operation ID: {0,9070440} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3562.tmp Handle ID: 4088 Operation ID: {0,9070439} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3562.tmp Handle ID: 4088 Operation ID: {0,9070430} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3563.tmp Handle ID: 4088 Operation ID: {0,9070427} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3562.tmp Handle ID: 4088 Operation ID: {0,9070421} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9070388} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9070350} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070309} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1524 Operation ID: {0,9070263} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3561.tmp Handle ID: 4056 Operation ID: {0,9070240} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3560.tmp Handle ID: 4056 Operation ID: {0,9070233} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3561.tmp Handle ID: 4056 Operation ID: {0,9070228} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3561.tmp Handle ID: 1524 Operation ID: {0,9070213} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3560.tmp Handle ID: 4056 Operation ID: {0,9070210} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3560.tmp Handle ID: 3388 Operation ID: {0,9070209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3560.tmp Handle ID: 3388 Operation ID: {0,9070199} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3561.tmp Handle ID: 3388 Operation ID: {0,9070197} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3560.tmp Handle ID: 3388 Operation ID: {0,9070191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070138} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9070077} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355F.tmp Handle ID: 4088 Operation ID: {0,9070039} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355E.tmp Handle ID: 4088 Operation ID: {0,9070035} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355F.tmp Handle ID: 4088 Operation ID: {0,9070031} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355F.tmp Handle ID: 3388 Operation ID: {0,9070016} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355E.tmp Handle ID: 4088 Operation ID: {0,9070013} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355E.tmp Handle ID: 3576 Operation ID: {0,9070012} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355E.tmp Handle ID: 3576 Operation ID: {0,9070001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355F.tmp Handle ID: 3576 Operation ID: {0,9069998} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355E.tmp Handle ID: 3576 Operation ID: {0,9069994} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,9069961} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,9069923} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069880} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,9069835} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355D.tmp Handle ID: 3576 Operation ID: {0,9069810} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355C.tmp Handle ID: 3576 Operation ID: {0,9069803} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355D.tmp Handle ID: 3576 Operation ID: {0,9069798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355D.tmp Handle ID: 3388 Operation ID: {0,9069785} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355C.tmp Handle ID: 3576 Operation ID: {0,9069782} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355C.tmp Handle ID: 4088 Operation ID: {0,9069781} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355C.tmp Handle ID: 4088 Operation ID: {0,9069770} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355D.tmp Handle ID: 4088 Operation ID: {0,9069767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355C.tmp Handle ID: 4088 Operation ID: {0,9069763} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069712} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069649} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355B.tmp Handle ID: 2776 Operation ID: {0,9069614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355A.tmp Handle ID: 2776 Operation ID: {0,9069609} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355B.tmp Handle ID: 2776 Operation ID: {0,9069604} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355B.tmp Handle ID: 4088 Operation ID: {0,9069590} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355A.tmp Handle ID: 2776 Operation ID: {0,9069588} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355A.tmp Handle ID: 1656 Operation ID: {0,9069587} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355A.tmp Handle ID: 1656 Operation ID: {0,9069578} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar355B.tmp Handle ID: 1656 Operation ID: {0,9069573} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab355A.tmp Handle ID: 1656 Operation ID: {0,9069569} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4088 Operation ID: {0,9069536} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4088 Operation ID: {0,9069498} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069457} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3388 Operation ID: {0,9069412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3559.tmp Handle ID: 4088 Operation ID: {0,9069379} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3558.tmp Handle ID: 4088 Operation ID: {0,9069372} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3559.tmp Handle ID: 4088 Operation ID: {0,9069367} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4088 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3388 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3388 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4088 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3559.tmp Handle ID: 3388 Operation ID: {0,9069352} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3558.tmp Handle ID: 4088 Operation ID: {0,9069349} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3558.tmp Handle ID: 4056 Operation ID: {0,9069348} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3558.tmp Handle ID: 4056 Operation ID: {0,9069341} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3559.tmp Handle ID: 4056 Operation ID: {0,9069336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3558.tmp Handle ID: 4056 Operation ID: {0,9069332} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069279} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069218} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3557.tmp Handle ID: 1656 Operation ID: {0,9069184} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3556.tmp Handle ID: 1656 Operation ID: {0,9069179} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3557.tmp Handle ID: 1656 Operation ID: {0,9069174} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3557.tmp Handle ID: 4056 Operation ID: {0,9069161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3556.tmp Handle ID: 1656 Operation ID: {0,9069158} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3556.tmp Handle ID: 1524 Operation ID: {0,9069157} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3556.tmp Handle ID: 1524 Operation ID: {0,9069148} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3557.tmp Handle ID: 1524 Operation ID: {0,9069145} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3556.tmp Handle ID: 1524 Operation ID: {0,9069139} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9069106} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9069068} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9069025} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3555.tmp Handle ID: 1524 Operation ID: {0,9068993} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3554.tmp Handle ID: 1524 Operation ID: {0,9068986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3555.tmp Handle ID: 1524 Operation ID: {0,9068981} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3555.tmp Handle ID: 4056 Operation ID: {0,9068966} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3554.tmp Handle ID: 1524 Operation ID: {0,9068965} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3554.tmp Handle ID: 1656 Operation ID: {0,9068964} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3554.tmp Handle ID: 1656 Operation ID: {0,9068953} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3555.tmp Handle ID: 1656 Operation ID: {0,9068952} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3554.tmp Handle ID: 1656 Operation ID: {0,9068948} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9068895} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9068830} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3553.tmp Handle ID: 3576 Operation ID: {0,9068104} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3552.tmp Handle ID: 3576 Operation ID: {0,9068075} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3553.tmp Handle ID: 3576 Operation ID: {0,9068066} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3553.tmp Handle ID: 1656 Operation ID: {0,9067878} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3552.tmp Handle ID: 3576 Operation ID: {0,9067852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3552.tmp Handle ID: 2776 Operation ID: {0,9067849} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3552.tmp Handle ID: 2776 Operation ID: {0,9067798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3553.tmp Handle ID: 2776 Operation ID: {0,9067772} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3552.tmp Handle ID: 2776 Operation ID: {0,9067744} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1656 Operation ID: {0,9067621} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1656 Operation ID: {0,9067502} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:39 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:39 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1656 Operation ID: {0,9067343} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3551.tmp Handle ID: 4012 Operation ID: {0,9067281} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3550.tmp Handle ID: 4012 Operation ID: {0,9067274} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3551.tmp Handle ID: 4012 Operation ID: {0,9067271} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3551.tmp Handle ID: 1656 Operation ID: {0,9067256} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3550.tmp Handle ID: 4012 Operation ID: {0,9067253} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3550.tmp Handle ID: 2776 Operation ID: {0,9067252} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3550.tmp Handle ID: 2776 Operation ID: {0,9067243} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3551.tmp Handle ID: 2776 Operation ID: {0,9067236} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3550.tmp Handle ID: 2776 Operation ID: {0,9067232} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9067179} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9067114} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354F.tmp Handle ID: 4056 Operation ID: {0,9067080} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354E.tmp Handle ID: 4056 Operation ID: {0,9067073} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354F.tmp Handle ID: 4056 Operation ID: {0,9067068} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354F.tmp Handle ID: 2776 Operation ID: {0,9067056} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354E.tmp Handle ID: 4056 Operation ID: {0,9067054} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354E.tmp Handle ID: 3912 Operation ID: {0,9067053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354E.tmp Handle ID: 3912 Operation ID: {0,9067046} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354F.tmp Handle ID: 3912 Operation ID: {0,9067041} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354E.tmp Handle ID: 3912 Operation ID: {0,9067037} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2776 Operation ID: {0,9067004} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2776 Operation ID: {0,9066966} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066923} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2776 Operation ID: {0,9066878} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354D.tmp Handle ID: 3912 Operation ID: {0,9066852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354C.tmp Handle ID: 3912 Operation ID: {0,9066845} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354D.tmp Handle ID: 3912 Operation ID: {0,9066840} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354D.tmp Handle ID: 2776 Operation ID: {0,9066823} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354C.tmp Handle ID: 3912 Operation ID: {0,9066820} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354C.tmp Handle ID: 4056 Operation ID: {0,9066819} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354C.tmp Handle ID: 4056 Operation ID: {0,9066812} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354D.tmp Handle ID: 4056 Operation ID: {0,9066807} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354C.tmp Handle ID: 4056 Operation ID: {0,9066803} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066689} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354B.tmp Handle ID: 3768 Operation ID: {0,9066655} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354A.tmp Handle ID: 3768 Operation ID: {0,9066648} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354B.tmp Handle ID: 3768 Operation ID: {0,9066643} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354B.tmp Handle ID: 4056 Operation ID: {0,9066628} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354A.tmp Handle ID: 3768 Operation ID: {0,9066625} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354A.tmp Handle ID: 2496 Operation ID: {0,9066624} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354A.tmp Handle ID: 2496 Operation ID: {0,9066614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar354B.tmp Handle ID: 2496 Operation ID: {0,9066612} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab354A.tmp Handle ID: 2496 Operation ID: {0,9066608} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9066573} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9066537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066496} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2776 Operation ID: {0,9066453} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3549.tmp Handle ID: 4056 Operation ID: {0,9066428} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3548.tmp Handle ID: 4056 Operation ID: {0,9066421} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3549.tmp Handle ID: 4056 Operation ID: {0,9066416} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3549.tmp Handle ID: 2776 Operation ID: {0,9066403} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3548.tmp Handle ID: 4056 Operation ID: {0,9066400} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3548.tmp Handle ID: 4012 Operation ID: {0,9066399} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3548.tmp Handle ID: 4012 Operation ID: {0,9066388} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3549.tmp Handle ID: 4012 Operation ID: {0,9066385} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3548.tmp Handle ID: 4012 Operation ID: {0,9066381} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066328} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066267} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3547.tmp Handle ID: 2496 Operation ID: {0,9066233} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3546.tmp Handle ID: 2496 Operation ID: {0,9066228} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3547.tmp Handle ID: 2496 Operation ID: {0,9066225} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3547.tmp Handle ID: 4012 Operation ID: {0,9066209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3546.tmp Handle ID: 2496 Operation ID: {0,9066208} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3546.tmp Handle ID: 1656 Operation ID: {0,9066207} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3546.tmp Handle ID: 1656 Operation ID: {0,9066196} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3547.tmp Handle ID: 1656 Operation ID: {0,9066195} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3546.tmp Handle ID: 1656 Operation ID: {0,9066191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,9066158} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4012 Operation ID: {0,9066120} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9066077} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2776 Operation ID: {0,9066032} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3545.tmp Handle ID: 1656 Operation ID: {0,9066005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3544.tmp Handle ID: 1656 Operation ID: {0,9066000} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3545.tmp Handle ID: 1656 Operation ID: {0,9065995} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3545.tmp Handle ID: 2776 Operation ID: {0,9065982} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3544.tmp Handle ID: 1656 Operation ID: {0,9065979} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3544.tmp Handle ID: 3912 Operation ID: {0,9065978} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3544.tmp Handle ID: 3912 Operation ID: {0,9065971} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3545.tmp Handle ID: 3912 Operation ID: {0,9065968} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3544.tmp Handle ID: 3912 Operation ID: {0,9065962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9065911} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9065850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3543.tmp Handle ID: 2496 Operation ID: {0,9065818} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3542.tmp Handle ID: 2496 Operation ID: {0,9065811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3543.tmp Handle ID: 2496 Operation ID: {0,9065806} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2496 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2496 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3543.tmp Handle ID: 3912 Operation ID: {0,9065791} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3542.tmp Handle ID: 2496 Operation ID: {0,9065788} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3542.tmp Handle ID: 3768 Operation ID: {0,9065787} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3768 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3542.tmp Handle ID: 3768 Operation ID: {0,9065776} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3543.tmp Handle ID: 3768 Operation ID: {0,9065771} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3768 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3542.tmp Handle ID: 3768 Operation ID: {0,9065767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,9065732} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3912 Operation ID: {0,9065694} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9065653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3541.tmp Handle ID: 3912 Operation ID: {0,9065621} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3540.tmp Handle ID: 3912 Operation ID: {0,9065614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3541.tmp Handle ID: 3912 Operation ID: {0,9065609} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2776 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2776 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3541.tmp Handle ID: 2776 Operation ID: {0,9065592} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3540.tmp Handle ID: 3912 Operation ID: {0,9065589} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3540.tmp Handle ID: 4056 Operation ID: {0,9065584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3540.tmp Handle ID: 4056 Operation ID: {0,9065579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3541.tmp Handle ID: 4056 Operation ID: {0,9065574} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3540.tmp Handle ID: 4056 Operation ID: {0,9065570} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9065515} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9065454} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353F.tmp Handle ID: 4012 Operation ID: {0,9065422} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353E.tmp Handle ID: 4012 Operation ID: {0,9065417} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353F.tmp Handle ID: 4012 Operation ID: {0,9065412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353F.tmp Handle ID: 4056 Operation ID: {0,9065399} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353E.tmp Handle ID: 4012 Operation ID: {0,9065396} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353E.tmp Handle ID: 1656 Operation ID: {0,9065395} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1656 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353E.tmp Handle ID: 1656 Operation ID: {0,9065385} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353F.tmp Handle ID: 1656 Operation ID: {0,9065381} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1656 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353E.tmp Handle ID: 1656 Operation ID: {0,9065377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9065344} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9065308} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4056 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:38 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4056 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:38 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4056 Operation ID: {0,9065269} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353C.tmp Handle ID: 1952 Operation ID: {0,9064591} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353B.tmp Handle ID: 1952 Operation ID: {0,9064586} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353C.tmp Handle ID: 1952 Operation ID: {0,9064581} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353C.tmp Handle ID: 3860 Operation ID: {0,9064568} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353B.tmp Handle ID: 1952 Operation ID: {0,9064565} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353B.tmp Handle ID: 1424 Operation ID: {0,9064564} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353B.tmp Handle ID: 1424 Operation ID: {0,9064555} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353C.tmp Handle ID: 1424 Operation ID: {0,9064554} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab353B.tmp Handle ID: 1424 Operation ID: {0,9064548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9064497} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9064434} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353A.tmp Handle ID: 4040 Operation ID: {0,9064398} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3539.tmp Handle ID: 4040 Operation ID: {0,9064393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353A.tmp Handle ID: 4040 Operation ID: {0,9064390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353A.tmp Handle ID: 1424 Operation ID: {0,9064377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3539.tmp Handle ID: 4040 Operation ID: {0,9064374} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3539.tmp Handle ID: 3764 Operation ID: {0,9064373} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3539.tmp Handle ID: 3764 Operation ID: {0,9064364} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar353A.tmp Handle ID: 3764 Operation ID: {0,9064359} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3539.tmp Handle ID: 3764 Operation ID: {0,9064355} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9064322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9064284} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9064243} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3860 Operation ID: {0,9064200} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3538.tmp Handle ID: 1424 Operation ID: {0,9064175} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3537.tmp Handle ID: 1424 Operation ID: {0,9064170} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3538.tmp Handle ID: 1424 Operation ID: {0,9064165} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3538.tmp Handle ID: 3860 Operation ID: {0,9064150} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3537.tmp Handle ID: 1424 Operation ID: {0,9064147} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3537.tmp Handle ID: 3384 Operation ID: {0,9064146} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3537.tmp Handle ID: 3384 Operation ID: {0,9064135} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3538.tmp Handle ID: 3384 Operation ID: {0,9064134} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3537.tmp Handle ID: 3384 Operation ID: {0,9064128} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9064075} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9064004} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3536.tmp Handle ID: 3764 Operation ID: {0,9063972} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3535.tmp Handle ID: 3764 Operation ID: {0,9063965} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3536.tmp Handle ID: 3764 Operation ID: {0,9063962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3536.tmp Handle ID: 3384 Operation ID: {0,9063945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3535.tmp Handle ID: 3764 Operation ID: {0,9063942} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3535.tmp Handle ID: 4008 Operation ID: {0,9063941} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3535.tmp Handle ID: 4008 Operation ID: {0,9063930} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3536.tmp Handle ID: 4008 Operation ID: {0,9063927} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3535.tmp Handle ID: 4008 Operation ID: {0,9063923} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,9063890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3384 Operation ID: {0,9063854} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9063811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3860 Operation ID: {0,9063766} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3534.tmp Handle ID: 3384 Operation ID: {0,9063741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3533.tmp Handle ID: 3384 Operation ID: {0,9063734} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3534.tmp Handle ID: 3384 Operation ID: {0,9063729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3534.tmp Handle ID: 3860 Operation ID: {0,9063716} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3533.tmp Handle ID: 3384 Operation ID: {0,9063713} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3533.tmp Handle ID: 1952 Operation ID: {0,9063712} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3533.tmp Handle ID: 1952 Operation ID: {0,9063703} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3534.tmp Handle ID: 1952 Operation ID: {0,9063698} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3533.tmp Handle ID: 1952 Operation ID: {0,9063694} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9063643} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9063580} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3532.tmp Handle ID: 4008 Operation ID: {0,9063548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3531.tmp Handle ID: 4008 Operation ID: {0,9063541} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3532.tmp Handle ID: 4008 Operation ID: {0,9063536} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3532.tmp Handle ID: 1952 Operation ID: {0,9063519} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3531.tmp Handle ID: 4008 Operation ID: {0,9063518} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3531.tmp Handle ID: 4040 Operation ID: {0,9063517} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3531.tmp Handle ID: 4040 Operation ID: {0,9063508} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3532.tmp Handle ID: 4040 Operation ID: {0,9063505} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3531.tmp Handle ID: 4040 Operation ID: {0,9063499} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9063466} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9063428} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9063387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3860 Operation ID: {0,9063341} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3530.tmp Handle ID: 1952 Operation ID: {0,9063302} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352F.tmp Handle ID: 1952 Operation ID: {0,9063297} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3530.tmp Handle ID: 1952 Operation ID: {0,9063292} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3530.tmp Handle ID: 3860 Operation ID: {0,9063279} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352F.tmp Handle ID: 1952 Operation ID: {0,9063276} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352F.tmp Handle ID: 1424 Operation ID: {0,9063275} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352F.tmp Handle ID: 1424 Operation ID: {0,9063266} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3530.tmp Handle ID: 1424 Operation ID: {0,9063261} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352F.tmp Handle ID: 1424 Operation ID: {0,9063257} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9063203} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9063142} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352E.tmp Handle ID: 4040 Operation ID: {0,9063110} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352D.tmp Handle ID: 4040 Operation ID: {0,9063103} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352E.tmp Handle ID: 4040 Operation ID: {0,9063098} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352E.tmp Handle ID: 1424 Operation ID: {0,9063083} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352D.tmp Handle ID: 4040 Operation ID: {0,9063080} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352D.tmp Handle ID: 3764 Operation ID: {0,9063079} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352D.tmp Handle ID: 3764 Operation ID: {0,9063068} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352E.tmp Handle ID: 3764 Operation ID: {0,9063067} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352D.tmp Handle ID: 3764 Operation ID: {0,9063063} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9063028} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9062990} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9062947} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352C.tmp Handle ID: 1424 Operation ID: {0,9062912} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352B.tmp Handle ID: 1424 Operation ID: {0,9062904} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352C.tmp Handle ID: 1424 Operation ID: {0,9062901} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352C.tmp Handle ID: 3860 Operation ID: {0,9062886} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352B.tmp Handle ID: 1424 Operation ID: {0,9062883} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352B.tmp Handle ID: 3384 Operation ID: {0,9062882} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352B.tmp Handle ID: 3384 Operation ID: {0,9062871} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352C.tmp Handle ID: 3384 Operation ID: {0,9062868} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab352B.tmp Handle ID: 3384 Operation ID: {0,9062864} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9062813} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9062750} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352A.tmp Handle ID: 3764 Operation ID: {0,9062714} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3529.tmp Handle ID: 4008 Operation ID: {0,9062705} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352A.tmp Handle ID: 4008 Operation ID: {0,9062698} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352A.tmp Handle ID: 1952 Operation ID: {0,9062683} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3529.tmp Handle ID: 4008 Operation ID: {0,9062680} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3529.tmp Handle ID: 3384 Operation ID: {0,9062679} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3384 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3529.tmp Handle ID: 3384 Operation ID: {0,9062668} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar352A.tmp Handle ID: 3384 Operation ID: {0,9062665} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3384 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3529.tmp Handle ID: 3384 Operation ID: {0,9062661} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9062628} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9062592} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9062553} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3528.tmp Handle ID: 3060 Operation ID: {0,9062496} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3527.tmp Handle ID: 3060 Operation ID: {0,9062489} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3528.tmp Handle ID: 3060 Operation ID: {0,9062484} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3528.tmp Handle ID: 1952 Operation ID: {0,9062465} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3527.tmp Handle ID: 3060 Operation ID: {0,9062464} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3527.tmp Handle ID: 4008 Operation ID: {0,9062463} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3527.tmp Handle ID: 4008 Operation ID: {0,9062452} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3528.tmp Handle ID: 4008 Operation ID: {0,9062449} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3527.tmp Handle ID: 4008 Operation ID: {0,9062443} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9062390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9062324} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3526.tmp Handle ID: 3860 Operation ID: {0,9062288} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3525.tmp Handle ID: 3860 Operation ID: {0,9062285} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3526.tmp Handle ID: 3860 Operation ID: {0,9062280} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3526.tmp Handle ID: 4008 Operation ID: {0,9062265} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3525.tmp Handle ID: 3860 Operation ID: {0,9062262} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3525.tmp Handle ID: 3780 Operation ID: {0,9062261} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3525.tmp Handle ID: 3780 Operation ID: {0,9062250} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3526.tmp Handle ID: 3780 Operation ID: {0,9062249} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3525.tmp Handle ID: 3780 Operation ID: {0,9062245} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9062212} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9062176} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9062133} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9062088} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3524.tmp Handle ID: 4008 Operation ID: {0,9062061} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3523.tmp Handle ID: 4008 Operation ID: {0,9062056} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3524.tmp Handle ID: 4008 Operation ID: {0,9062053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3524.tmp Handle ID: 1952 Operation ID: {0,9062037} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3523.tmp Handle ID: 4008 Operation ID: {0,9062035} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3523.tmp Handle ID: 4040 Operation ID: {0,9062034} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3523.tmp Handle ID: 4040 Operation ID: {0,9062025} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3524.tmp Handle ID: 4040 Operation ID: {0,9062020} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3523.tmp Handle ID: 4040 Operation ID: {0,9062016} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9061965} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9061902} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3522.tmp Handle ID: 3780 Operation ID: {0,9061861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3521.tmp Handle ID: 3780 Operation ID: {0,9061852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3522.tmp Handle ID: 3780 Operation ID: {0,9061845} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3522.tmp Handle ID: 4040 Operation ID: {0,9061829} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3521.tmp Handle ID: 3780 Operation ID: {0,9061826} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3521.tmp Handle ID: 3084 Operation ID: {0,9061825} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3521.tmp Handle ID: 3084 Operation ID: {0,9061811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3522.tmp Handle ID: 3084 Operation ID: {0,9061810} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3521.tmp Handle ID: 3084 Operation ID: {0,9061800} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,9061768} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4040 Operation ID: {0,9061730} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9061687} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9061572} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3520.tmp Handle ID: 4040 Operation ID: {0,9061547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351F.tmp Handle ID: 4040 Operation ID: {0,9061542} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3520.tmp Handle ID: 4040 Operation ID: {0,9061537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3520.tmp Handle ID: 1952 Operation ID: {0,9061522} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351F.tmp Handle ID: 4040 Operation ID: {0,9061519} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351F.tmp Handle ID: 3060 Operation ID: {0,9061518} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351F.tmp Handle ID: 3060 Operation ID: {0,9061511} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3520.tmp Handle ID: 3060 Operation ID: {0,9061506} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351F.tmp Handle ID: 3060 Operation ID: {0,9061502} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9061445} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9061357} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351D.tmp Handle ID: 1952 Operation ID: {0,9061325} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351C.tmp Handle ID: 1952 Operation ID: {0,9061318} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351D.tmp Handle ID: 1952 Operation ID: {0,9061315} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351D.tmp Handle ID: 3060 Operation ID: {0,9061300} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351C.tmp Handle ID: 1952 Operation ID: {0,9061294} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351C.tmp Handle ID: 3860 Operation ID: {0,9061293} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351C.tmp Handle ID: 3860 Operation ID: {0,9061283} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351D.tmp Handle ID: 3860 Operation ID: {0,9061280} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351C.tmp Handle ID: 3860 Operation ID: {0,9061276} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9061243} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3060 Operation ID: {0,9061205} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9061164} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3764 Operation ID: {0,9061116} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351B.tmp Handle ID: 3060 Operation ID: {0,9061089} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351A.tmp Handle ID: 3060 Operation ID: {0,9061084} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351B.tmp Handle ID: 3060 Operation ID: {0,9061079} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351B.tmp Handle ID: 3764 Operation ID: {0,9061065} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351A.tmp Handle ID: 3060 Operation ID: {0,9061063} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351A.tmp Handle ID: 4008 Operation ID: {0,9061062} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351A.tmp Handle ID: 4008 Operation ID: {0,9061051} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar351B.tmp Handle ID: 4008 Operation ID: {0,9061050} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab351A.tmp Handle ID: 4008 Operation ID: {0,9061046} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9060993} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9060930} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3519.tmp Handle ID: 3860 Operation ID: {0,9060899} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3518.tmp Handle ID: 3860 Operation ID: {0,9060892} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3519.tmp Handle ID: 3860 Operation ID: {0,9060887} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3519.tmp Handle ID: 4008 Operation ID: {0,9060874} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3518.tmp Handle ID: 3860 Operation ID: {0,9060871} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3518.tmp Handle ID: 3780 Operation ID: {0,9060870} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3518.tmp Handle ID: 3780 Operation ID: {0,9060861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3519.tmp Handle ID: 3780 Operation ID: {0,9060854} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3518.tmp Handle ID: 3780 Operation ID: {0,9060852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9060817} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9060779} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9060736} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3517.tmp Handle ID: 4008 Operation ID: {0,9060704} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3516.tmp Handle ID: 4008 Operation ID: {0,9060699} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3517.tmp Handle ID: 4008 Operation ID: {0,9060696} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3517.tmp Handle ID: 3764 Operation ID: {0,9060681} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3516.tmp Handle ID: 4008 Operation ID: {0,9060680} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3516.tmp Handle ID: 4040 Operation ID: {0,9060679} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4040 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3516.tmp Handle ID: 4040 Operation ID: {0,9060670} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3517.tmp Handle ID: 4040 Operation ID: {0,9060667} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4040 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3516.tmp Handle ID: 4040 Operation ID: {0,9060665} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9060614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9060551} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3515.tmp Handle ID: 3780 Operation ID: {0,9060377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3514.tmp Handle ID: 3780 Operation ID: {0,9060354} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3515.tmp Handle ID: 3780 Operation ID: {0,9060344} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3515.tmp Handle ID: 1952 Operation ID: {0,9060128} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3514.tmp Handle ID: 3780 Operation ID: {0,9060107} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3514.tmp Handle ID: 4008 Operation ID: {0,9060102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3514.tmp Handle ID: 4008 Operation ID: {0,9060066} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3515.tmp Handle ID: 4008 Operation ID: {0,9060040} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3514.tmp Handle ID: 4008 Operation ID: {0,9060017} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9059935} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9059895} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1952 Operation ID: {0,9059856} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3513.tmp Handle ID: 3576 Operation ID: {0,9059784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3512.tmp Handle ID: 3576 Operation ID: {0,9059779} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3513.tmp Handle ID: 3576 Operation ID: {0,9059774} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3513.tmp Handle ID: 1952 Operation ID: {0,9059761} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3512.tmp Handle ID: 3576 Operation ID: {0,9059758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3512.tmp Handle ID: 4008 Operation ID: {0,9059757} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3512.tmp Handle ID: 4008 Operation ID: {0,9059748} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3513.tmp Handle ID: 4008 Operation ID: {0,9059743} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3512.tmp Handle ID: 4008 Operation ID: {0,9059741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9059690} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9059629} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3511.tmp Handle ID: 3060 Operation ID: {0,9059590} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3510.tmp Handle ID: 3060 Operation ID: {0,9059587} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3511.tmp Handle ID: 3060 Operation ID: {0,9059584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3511.tmp Handle ID: 4008 Operation ID: {0,9059540} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3510.tmp Handle ID: 3060 Operation ID: {0,9059531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3510.tmp Handle ID: 3764 Operation ID: {0,9059528} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3510.tmp Handle ID: 1424 Operation ID: {0,9059508} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3511.tmp Handle ID: 1424 Operation ID: {0,9059496} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3510.tmp Handle ID: 3764 Operation ID: {0,9059479} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9059389} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9059343} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9059302} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9059259} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350F.tmp Handle ID: 3764 Operation ID: {0,9059232} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350E.tmp Handle ID: 3764 Operation ID: {0,9059229} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350F.tmp Handle ID: 3764 Operation ID: {0,9059224} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3764 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3764 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350F.tmp Handle ID: 4008 Operation ID: {0,9059209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350E.tmp Handle ID: 3764 Operation ID: {0,9059206} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350E.tmp Handle ID: 1424 Operation ID: {0,9059205} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350E.tmp Handle ID: 1424 Operation ID: {0,9059196} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350F.tmp Handle ID: 1424 Operation ID: {0,9059191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350E.tmp Handle ID: 1424 Operation ID: {0,9059187} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9059136} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9059073} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350D.tmp Handle ID: 3060 Operation ID: {0,9059041} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350C.tmp Handle ID: 3060 Operation ID: {0,9059034} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350D.tmp Handle ID: 3060 Operation ID: {0,9059031} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350D.tmp Handle ID: 1424 Operation ID: {0,9059014} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350C.tmp Handle ID: 3060 Operation ID: {0,9059011} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350C.tmp Handle ID: 3224 Operation ID: {0,9059010} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350C.tmp Handle ID: 3224 Operation ID: {0,9059001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350D.tmp Handle ID: 3224 Operation ID: {0,9058998} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350C.tmp Handle ID: 3224 Operation ID: {0,9058992} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9058957} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1424 Operation ID: {0,9058919} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9058877} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4008 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4008 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4008 Operation ID: {0,9058832} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350B.tmp Handle ID: 1424 Operation ID: {0,9058805} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350A.tmp Handle ID: 1424 Operation ID: {0,9058798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350B.tmp Handle ID: 1424 Operation ID: {0,9058793} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350B.tmp Handle ID: 3860 Operation ID: {0,9058778} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350A.tmp Handle ID: 1424 Operation ID: {0,9058777} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350A.tmp Handle ID: 3576 Operation ID: {0,9058776} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350A.tmp Handle ID: 3576 Operation ID: {0,9058766} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar350B.tmp Handle ID: 3576 Operation ID: {0,9058762} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab350A.tmp Handle ID: 3576 Operation ID: {0,9058758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9058704} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9058643} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3509.tmp Handle ID: 1952 Operation ID: {0,9058613} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3508.tmp Handle ID: 1952 Operation ID: {0,9058606} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3509.tmp Handle ID: 1952 Operation ID: {0,9058603} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1952 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1952 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3509.tmp Handle ID: 3576 Operation ID: {0,9058590} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3508.tmp Handle ID: 1952 Operation ID: {0,9058587} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3508.tmp Handle ID: 3060 Operation ID: {0,9058586} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3508.tmp Handle ID: 3060 Operation ID: {0,9058576} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3509.tmp Handle ID: 3060 Operation ID: {0,9058571} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3508.tmp Handle ID: 3060 Operation ID: {0,9058567} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,9058534} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3576 Operation ID: {0,9058496} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9058455} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3860 Operation ID: {0,9058409} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3507.tmp Handle ID: 3576 Operation ID: {0,9058382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3506.tmp Handle ID: 3576 Operation ID: {0,9058375} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3507.tmp Handle ID: 3576 Operation ID: {0,9058370} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3507.tmp Handle ID: 3860 Operation ID: {0,9058355} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3506.tmp Handle ID: 3576 Operation ID: {0,9058354} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3506.tmp Handle ID: 3084 Operation ID: {0,9058353} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3506.tmp Handle ID: 3084 Operation ID: {0,9058344} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3507.tmp Handle ID: 3084 Operation ID: {0,9058339} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3506.tmp Handle ID: 3084 Operation ID: {0,9058335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9058282} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9058221} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3505.tmp Handle ID: 3060 Operation ID: {0,9058191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3504.tmp Handle ID: 3060 Operation ID: {0,9058184} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3505.tmp Handle ID: 3060 Operation ID: {0,9058181} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3060 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3060 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3505.tmp Handle ID: 3084 Operation ID: {0,9058166} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3504.tmp Handle ID: 3060 Operation ID: {0,9058165} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3504.tmp Handle ID: 2672 Operation ID: {0,9058164} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3504.tmp Handle ID: 2672 Operation ID: {0,9058153} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3505.tmp Handle ID: 2672 Operation ID: {0,9058150} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3504.tmp Handle ID: 2672 Operation ID: {0,9058146} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3084 Operation ID: {0,9058111} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3084 Operation ID: {0,9058073} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9058030} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3503.tmp Handle ID: 3084 Operation ID: {0,9057996} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3502.tmp Handle ID: 3084 Operation ID: {0,9057991} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3503.tmp Handle ID: 3084 Operation ID: {0,9057986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3860 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3860 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3503.tmp Handle ID: 3860 Operation ID: {0,9057970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3502.tmp Handle ID: 1424 Operation ID: {0,9057967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3502.tmp Handle ID: 3084 Operation ID: {0,9057966} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3502.tmp Handle ID: 3084 Operation ID: {0,9057955} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3503.tmp Handle ID: 3084 Operation ID: {0,9057952} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3502.tmp Handle ID: 3084 Operation ID: {0,9057948} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4364 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4364 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4364 Operation ID: {0,9057897} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4044 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4044 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4044 Operation ID: {0,9057834} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3501.tmp Handle ID: 3084 Operation ID: {0,9057802} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3500.tmp Handle ID: 3084 Operation ID: {0,9057795} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3501.tmp Handle ID: 3084 Operation ID: {0,9057788} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3084 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3084 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3501.tmp Handle ID: 3012 Operation ID: {0,9057773} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3500.tmp Handle ID: 3084 Operation ID: {0,9057770} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3500.tmp Handle ID: 3576 Operation ID: {0,9057769} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3576 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3500.tmp Handle ID: 3576 Operation ID: {0,9057758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3501.tmp Handle ID: 3576 Operation ID: {0,9057753} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3576 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3500.tmp Handle ID: 3576 Operation ID: {0,9057749} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9057714} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9057676} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3012 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:45:33 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3012 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:33 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3012 Operation ID: {0,9057623} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:29 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 5016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:45:29 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 5016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:29 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,9055424} Process ID: 5016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:45:29 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 5016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:45:29 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 5016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:45:29 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,9055340} Process ID: 5016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:59 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1032 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:44:59 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1032 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:59 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1032 Operation ID: {0,9049666} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:44:53 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,9047828} Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:44:53 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,9047465} Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:44:53 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,9047402} Process ID: 2532 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 588 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:44:53 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 588 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:53 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 588 Operation ID: {0,9047248} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:48 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 464 Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:44:48 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 464 Object Type: Key Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:48 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 464 Operation ID: {0,9046019} Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:47 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 176 Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:44:47 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 176 Object Type: Key Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:47 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 176 Operation ID: {0,9045470} Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:47 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 164 Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe " 4/17/2020 11:44:47 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 164 Object Type: Key Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:47 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 164 Operation ID: {0,9045411} Process ID: 6016 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:47 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1492 Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe " 4/17/2020 11:44:47 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1492 Object Type: Key Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:47 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1492 Operation ID: {0,9045254} Process ID: 496 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 148 Process ID: 4276 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp " 4/17/2020 11:44:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 148 Object Type: Key Process ID: 4276 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 148 Operation ID: {0,9044628} Process ID: 4276 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 4276 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp " 4/17/2020 11:44:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 4276 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,9044607} Process ID: 4276 Image File Name: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_iu14D2N.tmp Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 24 Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe " 4/17/2020 11:44:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 24 Object Type: Key Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 24 Operation ID: {0,9044403} Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:44:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 24 Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe " 4/17/2020 11:44:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 24 Object Type: Key Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 24 Operation ID: {0,9044402} Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Set key value Create sub-key Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x2001F " 4/17/2020 11:44:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 148 Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe " 4/17/2020 11:44:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 148 Object Type: Key Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 148 Operation ID: {0,9042946} Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe " 4/17/2020 11:44:45 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:45 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,9042919} Process ID: 1500 Image File Name: C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FF.tmp Handle ID: 1884 Operation ID: {0,9042077} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FE.tmp Handle ID: 1884 Operation ID: {0,9042070} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FF.tmp Handle ID: 1884 Operation ID: {0,9042067} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FF.tmp Handle ID: 4424 Operation ID: {0,9042054} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FE.tmp Handle ID: 1884 Operation ID: {0,9042051} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FE.tmp Handle ID: 4228 Operation ID: {0,9042050} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FE.tmp Handle ID: 4228 Operation ID: {0,9042041} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FF.tmp Handle ID: 4228 Operation ID: {0,9042038} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FE.tmp Handle ID: 4228 Operation ID: {0,9042032} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041979} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041918} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FD.tmp Handle ID: 4436 Operation ID: {0,9041888} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FC.tmp Handle ID: 4436 Operation ID: {0,9041881} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FD.tmp Handle ID: 4436 Operation ID: {0,9041878} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FD.tmp Handle ID: 4228 Operation ID: {0,9041863} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FC.tmp Handle ID: 4436 Operation ID: {0,9041862} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FC.tmp Handle ID: 3832 Operation ID: {0,9041861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FC.tmp Handle ID: 3832 Operation ID: {0,9041850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FD.tmp Handle ID: 3832 Operation ID: {0,9041849} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FC.tmp Handle ID: 3832 Operation ID: {0,9041843} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9041810} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9041772} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9041684} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FB.tmp Handle ID: 4228 Operation ID: {0,9041661} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FA.tmp Handle ID: 4228 Operation ID: {0,9041654} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FB.tmp Handle ID: 4228 Operation ID: {0,9041651} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FB.tmp Handle ID: 4424 Operation ID: {0,9041636} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FA.tmp Handle ID: 4228 Operation ID: {0,9041635} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FA.tmp Handle ID: 4256 Operation ID: {0,9041634} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FA.tmp Handle ID: 4256 Operation ID: {0,9041624} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34FB.tmp Handle ID: 4256 Operation ID: {0,9041622} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34FA.tmp Handle ID: 4256 Operation ID: {0,9041616} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041565} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041501} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F9.tmp Handle ID: 3832 Operation ID: {0,9041467} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F8.tmp Handle ID: 3832 Operation ID: {0,9041460} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F9.tmp Handle ID: 3832 Operation ID: {0,9041457} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F9.tmp Handle ID: 4256 Operation ID: {0,9041444} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F8.tmp Handle ID: 3832 Operation ID: {0,9041441} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F8.tmp Handle ID: 2464 Operation ID: {0,9041440} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F8.tmp Handle ID: 2464 Operation ID: {0,9041429} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F9.tmp Handle ID: 2464 Operation ID: {0,9041428} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F8.tmp Handle ID: 2464 Operation ID: {0,9041424} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9041391} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9041353} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041312} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9041267} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F7.tmp Handle ID: 4256 Operation ID: {0,9041244} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F6.tmp Handle ID: 4256 Operation ID: {0,9041237} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F7.tmp Handle ID: 4256 Operation ID: {0,9041232} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F7.tmp Handle ID: 4424 Operation ID: {0,9041219} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F6.tmp Handle ID: 4256 Operation ID: {0,9041218} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F6.tmp Handle ID: 1884 Operation ID: {0,9041217} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F6.tmp Handle ID: 1884 Operation ID: {0,9041206} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F7.tmp Handle ID: 1884 Operation ID: {0,9041203} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F6.tmp Handle ID: 1884 Operation ID: {0,9041199} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041146} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9041085} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F5.tmp Handle ID: 2464 Operation ID: {0,9041053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F4.tmp Handle ID: 2464 Operation ID: {0,9041048} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F5.tmp Handle ID: 2464 Operation ID: {0,9041043} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F5.tmp Handle ID: 1884 Operation ID: {0,9041028} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F4.tmp Handle ID: 2464 Operation ID: {0,9041027} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F4.tmp Handle ID: 4436 Operation ID: {0,9041026} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F4.tmp Handle ID: 4436 Operation ID: {0,9041015} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F5.tmp Handle ID: 4436 Operation ID: {0,9041014} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F4.tmp Handle ID: 4436 Operation ID: {0,9041008} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1884 Operation ID: {0,9040975} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1884 Operation ID: {0,9040939} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9040896} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9040850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F3.tmp Handle ID: 1884 Operation ID: {0,9040825} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F2.tmp Handle ID: 1884 Operation ID: {0,9040818} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F3.tmp Handle ID: 1884 Operation ID: {0,9040813} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F3.tmp Handle ID: 4424 Operation ID: {0,9040799} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F2.tmp Handle ID: 1884 Operation ID: {0,9040797} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F2.tmp Handle ID: 4228 Operation ID: {0,9040796} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F2.tmp Handle ID: 4228 Operation ID: {0,9040787} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F3.tmp Handle ID: 4228 Operation ID: {0,9040784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F2.tmp Handle ID: 4228 Operation ID: {0,9040778} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9040727} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9040655} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F1.tmp Handle ID: 4436 Operation ID: {0,9040619} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F0.tmp Handle ID: 4436 Operation ID: {0,9040614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F1.tmp Handle ID: 4436 Operation ID: {0,9040611} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F1.tmp Handle ID: 4228 Operation ID: {0,9040596} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F0.tmp Handle ID: 4436 Operation ID: {0,9040593} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F0.tmp Handle ID: 3832 Operation ID: {0,9040592} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F0.tmp Handle ID: 3832 Operation ID: {0,9040585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34F1.tmp Handle ID: 3832 Operation ID: {0,9040582} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34F0.tmp Handle ID: 3832 Operation ID: {0,9040576} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9040543} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9040507} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9040466} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EF.tmp Handle ID: 4436 Operation ID: {0,9040426} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EE.tmp Handle ID: 4436 Operation ID: {0,9040419} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EF.tmp Handle ID: 4436 Operation ID: {0,9040415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EF.tmp Handle ID: 4424 Operation ID: {0,9040399} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EE.tmp Handle ID: 4436 Operation ID: {0,9040396} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EE.tmp Handle ID: 3832 Operation ID: {0,9040395} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EE.tmp Handle ID: 3832 Operation ID: {0,9040388} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EF.tmp Handle ID: 3832 Operation ID: {0,9040385} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EE.tmp Handle ID: 3832 Operation ID: {0,9040379} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:42 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:42 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9040326} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9040265} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34ED.tmp Handle ID: 4228 Operation ID: {0,9040231} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EC.tmp Handle ID: 4228 Operation ID: {0,9040226} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34ED.tmp Handle ID: 4228 Operation ID: {0,9040221} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34ED.tmp Handle ID: 3832 Operation ID: {0,9040206} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EC.tmp Handle ID: 4228 Operation ID: {0,9040205} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EC.tmp Handle ID: 2464 Operation ID: {0,9040204} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EC.tmp Handle ID: 2464 Operation ID: {0,9040195} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34ED.tmp Handle ID: 2464 Operation ID: {0,9040190} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EC.tmp Handle ID: 2464 Operation ID: {0,9040186} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,9040151} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,9040115} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,9040074} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EB.tmp Handle ID: 1700 Operation ID: {0,9040016} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EA.tmp Handle ID: 1700 Operation ID: {0,9040009} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EB.tmp Handle ID: 1700 Operation ID: {0,9040004} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EB.tmp Handle ID: 3832 Operation ID: {0,9039987} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EA.tmp Handle ID: 1700 Operation ID: {0,9039986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EA.tmp Handle ID: 2464 Operation ID: {0,9039985} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EA.tmp Handle ID: 2464 Operation ID: {0,9039978} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34EB.tmp Handle ID: 2464 Operation ID: {0,9039972} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34EA.tmp Handle ID: 2464 Operation ID: {0,9039969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039918} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039855} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E9.tmp Handle ID: 4424 Operation ID: {0,9039821} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E8.tmp Handle ID: 4424 Operation ID: {0,9039814} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E9.tmp Handle ID: 4424 Operation ID: {0,9039811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E9.tmp Handle ID: 2464 Operation ID: {0,9039795} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E8.tmp Handle ID: 4424 Operation ID: {0,9039793} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E8.tmp Handle ID: 3888 Operation ID: {0,9039792} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E8.tmp Handle ID: 3888 Operation ID: {0,9039781} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E9.tmp Handle ID: 3888 Operation ID: {0,9039778} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E8.tmp Handle ID: 3888 Operation ID: {0,9039774} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9039741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9039703} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039662} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,9039617} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E7.tmp Handle ID: 3888 Operation ID: {0,9039588} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E6.tmp Handle ID: 3888 Operation ID: {0,9039583} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E7.tmp Handle ID: 3888 Operation ID: {0,9039578} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E7.tmp Handle ID: 3832 Operation ID: {0,9039563} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E6.tmp Handle ID: 3888 Operation ID: {0,9039560} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E6.tmp Handle ID: 4424 Operation ID: {0,9039559} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E6.tmp Handle ID: 4424 Operation ID: {0,9039550} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E7.tmp Handle ID: 4424 Operation ID: {0,9039547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E6.tmp Handle ID: 4424 Operation ID: {0,9039541} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039488} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039426} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E5.tmp Handle ID: 2464 Operation ID: {0,9039389} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E4.tmp Handle ID: 2464 Operation ID: {0,9039382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E5.tmp Handle ID: 2464 Operation ID: {0,9039377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E5.tmp Handle ID: 4424 Operation ID: {0,9039362} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E4.tmp Handle ID: 2464 Operation ID: {0,9039359} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E4.tmp Handle ID: 3892 Operation ID: {0,9039358} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E4.tmp Handle ID: 3892 Operation ID: {0,9039347} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E5.tmp Handle ID: 3892 Operation ID: {0,9039342} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E4.tmp Handle ID: 3892 Operation ID: {0,9039338} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9039305} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9039267} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039224} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,9039179} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E3.tmp Handle ID: 4424 Operation ID: {0,9039154} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E2.tmp Handle ID: 4424 Operation ID: {0,9039149} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E3.tmp Handle ID: 4424 Operation ID: {0,9039144} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E3.tmp Handle ID: 3832 Operation ID: {0,9039129} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E2.tmp Handle ID: 4424 Operation ID: {0,9039126} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E2.tmp Handle ID: 1700 Operation ID: {0,9039125} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E2.tmp Handle ID: 1700 Operation ID: {0,9039116} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E3.tmp Handle ID: 1700 Operation ID: {0,9039113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E2.tmp Handle ID: 1700 Operation ID: {0,9039107} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9039056} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038993} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E1.tmp Handle ID: 3892 Operation ID: {0,9038961} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E0.tmp Handle ID: 3892 Operation ID: {0,9038954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E1.tmp Handle ID: 3892 Operation ID: {0,9038949} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E1.tmp Handle ID: 1700 Operation ID: {0,9038936} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E0.tmp Handle ID: 3892 Operation ID: {0,9038933} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E0.tmp Handle ID: 4256 Operation ID: {0,9038932} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E0.tmp Handle ID: 4256 Operation ID: {0,9038923} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34E1.tmp Handle ID: 4256 Operation ID: {0,9038918} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34E0.tmp Handle ID: 4256 Operation ID: {0,9038914} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1700 Operation ID: {0,9038881} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1700 Operation ID: {0,9038845} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038804} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3832 Operation ID: {0,9038758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DF.tmp Handle ID: 1700 Operation ID: {0,9038727} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DE.tmp Handle ID: 1700 Operation ID: {0,9038720} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DF.tmp Handle ID: 1700 Operation ID: {0,9038713} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1700 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1700 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DF.tmp Handle ID: 3832 Operation ID: {0,9038696} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DE.tmp Handle ID: 1700 Operation ID: {0,9038693} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DE.tmp Handle ID: 3888 Operation ID: {0,9038692} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DE.tmp Handle ID: 3888 Operation ID: {0,9038683} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DF.tmp Handle ID: 3888 Operation ID: {0,9038678} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DE.tmp Handle ID: 3888 Operation ID: {0,9038676} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038623} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038562} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DD.tmp Handle ID: 4256 Operation ID: {0,9038524} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DC.tmp Handle ID: 4256 Operation ID: {0,9038515} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DD.tmp Handle ID: 4256 Operation ID: {0,9038510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DD.tmp Handle ID: 3888 Operation ID: {0,9038495} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DC.tmp Handle ID: 4256 Operation ID: {0,9038492} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DC.tmp Handle ID: 2464 Operation ID: {0,9038491} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DC.tmp Handle ID: 2464 Operation ID: {0,9038482} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DD.tmp Handle ID: 2464 Operation ID: {0,9038479} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DC.tmp Handle ID: 2464 Operation ID: {0,9038475} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9038442} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9038406} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038363} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DB.tmp Handle ID: 3888 Operation ID: {0,9038326} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DA.tmp Handle ID: 3888 Operation ID: {0,9038319} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DB.tmp Handle ID: 3888 Operation ID: {0,9038314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DB.tmp Handle ID: 3832 Operation ID: {0,9038299} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DA.tmp Handle ID: 3888 Operation ID: {0,9038296} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DA.tmp Handle ID: 4424 Operation ID: {0,9038295} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DA.tmp Handle ID: 4424 Operation ID: {0,9038286} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34DB.tmp Handle ID: 4424 Operation ID: {0,9038283} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34DA.tmp Handle ID: 4424 Operation ID: {0,9038277} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038226} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9038161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D9.tmp Handle ID: 2464 Operation ID: {0,9038129} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D8.tmp Handle ID: 2464 Operation ID: {0,9038124} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D9.tmp Handle ID: 2464 Operation ID: {0,9038119} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D9.tmp Handle ID: 4424 Operation ID: {0,9038104} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D8.tmp Handle ID: 2464 Operation ID: {0,9038101} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D8.tmp Handle ID: 3892 Operation ID: {0,9038100} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D8.tmp Handle ID: 3892 Operation ID: {0,9038091} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D9.tmp Handle ID: 3892 Operation ID: {0,9038088} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D8.tmp Handle ID: 3892 Operation ID: {0,9038082} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9038049} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9038013} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9037972} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D7.tmp Handle ID: 4432 Operation ID: {0,9037502} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D6.tmp Handle ID: 4432 Operation ID: {0,9037497} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D7.tmp Handle ID: 4432 Operation ID: {0,9037490} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D7.tmp Handle ID: 4424 Operation ID: {0,9037477} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D6.tmp Handle ID: 4432 Operation ID: {0,9037474} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D6.tmp Handle ID: 3892 Operation ID: {0,9037473} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D6.tmp Handle ID: 3892 Operation ID: {0,9037462} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D7.tmp Handle ID: 3892 Operation ID: {0,9037459} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D6.tmp Handle ID: 3892 Operation ID: {0,9037455} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9037402} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9037341} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D5.tmp Handle ID: 3832 Operation ID: {0,9037309} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D4.tmp Handle ID: 3832 Operation ID: {0,9037302} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D5.tmp Handle ID: 3832 Operation ID: {0,9037297} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D5.tmp Handle ID: 3892 Operation ID: {0,9037282} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D4.tmp Handle ID: 3832 Operation ID: {0,9037279} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D4.tmp Handle ID: 4436 Operation ID: {0,9037278} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D4.tmp Handle ID: 4436 Operation ID: {0,9037269} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D5.tmp Handle ID: 4436 Operation ID: {0,9037266} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D4.tmp Handle ID: 4436 Operation ID: {0,9037260} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9037227} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:41 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9037191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:41 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9037148} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9037103} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D3.tmp Handle ID: 3892 Operation ID: {0,9037077} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D2.tmp Handle ID: 3892 Operation ID: {0,9037070} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D3.tmp Handle ID: 3892 Operation ID: {0,9037067} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D3.tmp Handle ID: 4424 Operation ID: {0,9037052} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D2.tmp Handle ID: 3892 Operation ID: {0,9037049} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D2.tmp Handle ID: 4256 Operation ID: {0,9037048} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D2.tmp Handle ID: 4256 Operation ID: {0,9037039} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D3.tmp Handle ID: 4256 Operation ID: {0,9037036} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D2.tmp Handle ID: 4256 Operation ID: {0,9037030} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036979} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036916} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D1.tmp Handle ID: 4436 Operation ID: {0,9036884} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D0.tmp Handle ID: 4436 Operation ID: {0,9036877} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D1.tmp Handle ID: 4436 Operation ID: {0,9036872} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D1.tmp Handle ID: 4256 Operation ID: {0,9036857} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D0.tmp Handle ID: 4436 Operation ID: {0,9036854} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D0.tmp Handle ID: 1884 Operation ID: {0,9036853} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D0.tmp Handle ID: 1884 Operation ID: {0,9036843} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34D1.tmp Handle ID: 1884 Operation ID: {0,9036839} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34D0.tmp Handle ID: 1884 Operation ID: {0,9036835} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9036802} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9036764} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036723} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9036678} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CF.tmp Handle ID: 4256 Operation ID: {0,9036653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CE.tmp Handle ID: 4256 Operation ID: {0,9036646} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CF.tmp Handle ID: 4256 Operation ID: {0,9036641} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CF.tmp Handle ID: 4424 Operation ID: {0,9036626} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CE.tmp Handle ID: 4256 Operation ID: {0,9036623} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CE.tmp Handle ID: 4432 Operation ID: {0,9036622} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CE.tmp Handle ID: 4432 Operation ID: {0,9036612} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CF.tmp Handle ID: 4432 Operation ID: {0,9036610} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CE.tmp Handle ID: 4432 Operation ID: {0,9036604} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036551} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036490} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CD.tmp Handle ID: 1884 Operation ID: {0,9036456} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CC.tmp Handle ID: 1884 Operation ID: {0,9036451} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CD.tmp Handle ID: 1884 Operation ID: {0,9036446} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CD.tmp Handle ID: 4432 Operation ID: {0,9036430} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CC.tmp Handle ID: 1884 Operation ID: {0,9036427} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CC.tmp Handle ID: 3832 Operation ID: {0,9036426} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CC.tmp Handle ID: 3832 Operation ID: {0,9036415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CD.tmp Handle ID: 3832 Operation ID: {0,9036412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CC.tmp Handle ID: 3832 Operation ID: {0,9036408} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9036375} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9036337} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036294} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,9036249} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CB.tmp Handle ID: 4432 Operation ID: {0,9036220} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CA.tmp Handle ID: 4432 Operation ID: {0,9036213} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CB.tmp Handle ID: 4432 Operation ID: {0,9036208} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CB.tmp Handle ID: 4424 Operation ID: {0,9036195} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CA.tmp Handle ID: 4432 Operation ID: {0,9036192} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CA.tmp Handle ID: 3892 Operation ID: {0,9036191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CA.tmp Handle ID: 3892 Operation ID: {0,9036182} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34CB.tmp Handle ID: 3892 Operation ID: {0,9036177} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34CA.tmp Handle ID: 3892 Operation ID: {0,9036173} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036122} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9036059} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C9.tmp Handle ID: 3832 Operation ID: {0,9036029} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C8.tmp Handle ID: 3832 Operation ID: {0,9036022} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C9.tmp Handle ID: 3832 Operation ID: {0,9036017} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3832 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3832 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C9.tmp Handle ID: 3892 Operation ID: {0,9036004} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C8.tmp Handle ID: 3832 Operation ID: {0,9036001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C8.tmp Handle ID: 4436 Operation ID: {0,9036000} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4436 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C8.tmp Handle ID: 4436 Operation ID: {0,9035991} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C9.tmp Handle ID: 4436 Operation ID: {0,9035986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4436 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C8.tmp Handle ID: 4436 Operation ID: {0,9035984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9035951} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9035913} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9035872} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C7.tmp Handle ID: 3892 Operation ID: {0,9035840} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C6.tmp Handle ID: 3892 Operation ID: {0,9035833} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C7.tmp Handle ID: 3892 Operation ID: {0,9035828} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C7.tmp Handle ID: 4424 Operation ID: {0,9035815} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C6.tmp Handle ID: 3892 Operation ID: {0,9035812} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C6.tmp Handle ID: 4256 Operation ID: {0,9035811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C6.tmp Handle ID: 4256 Operation ID: {0,9035800} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C7.tmp Handle ID: 4256 Operation ID: {0,9035797} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C6.tmp Handle ID: 4256 Operation ID: {0,9035793} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9035740} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9035531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C5.tmp Handle ID: 4424 Operation ID: {0,9034836} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C4.tmp Handle ID: 4424 Operation ID: {0,9034812} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C5.tmp Handle ID: 4424 Operation ID: {0,9034796} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C5.tmp Handle ID: 4256 Operation ID: {0,9034612} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C4.tmp Handle ID: 4424 Operation ID: {0,9034585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C4.tmp Handle ID: 1884 Operation ID: {0,9034584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C4.tmp Handle ID: 1884 Operation ID: {0,9034549} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C5.tmp Handle ID: 1884 Operation ID: {0,9034532} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C4.tmp Handle ID: 1884 Operation ID: {0,9034513} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9034388} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9034270} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:40 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:40 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9034140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:38 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 408 Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:44:38 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 408 Object Type: Key Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:38 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 408 Operation ID: {0,9025749} Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:38 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:44:38 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:38 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,9025548} Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:38 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:44:38 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:38 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,9025409} Process ID: 5764 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C3.tmp Handle ID: 4048 Operation ID: {0,9024669} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C2.tmp Handle ID: 4048 Operation ID: {0,9024662} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C3.tmp Handle ID: 4048 Operation ID: {0,9024657} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C3.tmp Handle ID: 2464 Operation ID: {0,9024646} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C2.tmp Handle ID: 4048 Operation ID: {0,9024643} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C2.tmp Handle ID: 4228 Operation ID: {0,9024642} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C2.tmp Handle ID: 4228 Operation ID: {0,9024631} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C3.tmp Handle ID: 4228 Operation ID: {0,9024628} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C2.tmp Handle ID: 4228 Operation ID: {0,9024624} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9024573} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9024510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C1.tmp Handle ID: 3036 Operation ID: {0,9024478} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C0.tmp Handle ID: 3036 Operation ID: {0,9024471} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C1.tmp Handle ID: 3036 Operation ID: {0,9024468} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C1.tmp Handle ID: 4228 Operation ID: {0,9024449} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C0.tmp Handle ID: 3036 Operation ID: {0,9024448} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C0.tmp Handle ID: 3876 Operation ID: {0,9024447} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C0.tmp Handle ID: 3876 Operation ID: {0,9024436} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34C1.tmp Handle ID: 3876 Operation ID: {0,9024431} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34C0.tmp Handle ID: 3876 Operation ID: {0,9024427} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9024394} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1884 Operation ID: {0,9024355} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9024314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9024267} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BF.tmp Handle ID: 1884 Operation ID: {0,9024240} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BE.tmp Handle ID: 1884 Operation ID: {0,9024235} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BF.tmp Handle ID: 1884 Operation ID: {0,9024232} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BF.tmp Handle ID: 2464 Operation ID: {0,9024215} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BE.tmp Handle ID: 1884 Operation ID: {0,9024214} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BE.tmp Handle ID: 4228 Operation ID: {0,9024213} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BE.tmp Handle ID: 4228 Operation ID: {0,9024202} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BF.tmp Handle ID: 4228 Operation ID: {0,9024201} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BE.tmp Handle ID: 4228 Operation ID: {0,9024197} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9024144} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9024083} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BD.tmp Handle ID: 3876 Operation ID: {0,9024049} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BC.tmp Handle ID: 3876 Operation ID: {0,9024044} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BD.tmp Handle ID: 3876 Operation ID: {0,9024039} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BD.tmp Handle ID: 4228 Operation ID: {0,9024026} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BC.tmp Handle ID: 3876 Operation ID: {0,9024023} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BC.tmp Handle ID: 4432 Operation ID: {0,9024022} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BC.tmp Handle ID: 4432 Operation ID: {0,9024015} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BD.tmp Handle ID: 4432 Operation ID: {0,9024010} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BC.tmp Handle ID: 4432 Operation ID: {0,9024006} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9023973} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,9023937} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023896} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9023844} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BB.tmp Handle ID: 4228 Operation ID: {0,9023817} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BA.tmp Handle ID: 4228 Operation ID: {0,9023808} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BB.tmp Handle ID: 4228 Operation ID: {0,9023804} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BB.tmp Handle ID: 2464 Operation ID: {0,9023787} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BA.tmp Handle ID: 4228 Operation ID: {0,9023786} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BA.tmp Handle ID: 4048 Operation ID: {0,9023785} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BA.tmp Handle ID: 4048 Operation ID: {0,9023775} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34BB.tmp Handle ID: 4048 Operation ID: {0,9023773} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34BA.tmp Handle ID: 4048 Operation ID: {0,9023767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023716} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B9.tmp Handle ID: 4432 Operation ID: {0,9023615} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B8.tmp Handle ID: 4432 Operation ID: {0,9023610} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B9.tmp Handle ID: 4432 Operation ID: {0,9023605} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B9.tmp Handle ID: 4048 Operation ID: {0,9023592} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B8.tmp Handle ID: 4432 Operation ID: {0,9023589} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B8.tmp Handle ID: 3036 Operation ID: {0,9023588} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B8.tmp Handle ID: 3036 Operation ID: {0,9023579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B9.tmp Handle ID: 3036 Operation ID: {0,9023574} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B8.tmp Handle ID: 3036 Operation ID: {0,9023570} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9023537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9023499} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023458} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9023411} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B7.tmp Handle ID: 3036 Operation ID: {0,9023380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B6.tmp Handle ID: 3036 Operation ID: {0,9023371} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B7.tmp Handle ID: 3036 Operation ID: {0,9023366} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B7.tmp Handle ID: 2464 Operation ID: {0,9023349} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B6.tmp Handle ID: 3036 Operation ID: {0,9023346} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B6.tmp Handle ID: 4432 Operation ID: {0,9023345} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B6.tmp Handle ID: 4432 Operation ID: {0,9023334} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B7.tmp Handle ID: 4432 Operation ID: {0,9023333} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B6.tmp Handle ID: 4432 Operation ID: {0,9023329} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023276} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023215} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B5.tmp Handle ID: 4048 Operation ID: {0,9023180} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B4.tmp Handle ID: 4048 Operation ID: {0,9023173} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B5.tmp Handle ID: 4048 Operation ID: {0,9023168} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B5.tmp Handle ID: 4432 Operation ID: {0,9023157} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B4.tmp Handle ID: 4048 Operation ID: {0,9023154} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B4.tmp Handle ID: 3876 Operation ID: {0,9023153} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B4.tmp Handle ID: 3876 Operation ID: {0,9023144} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B5.tmp Handle ID: 3876 Operation ID: {0,9023139} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B4.tmp Handle ID: 3876 Operation ID: {0,9023135} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9023102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9023064} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9023021} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B3.tmp Handle ID: 3876 Operation ID: {0,9022989} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B2.tmp Handle ID: 3876 Operation ID: {0,9022984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B3.tmp Handle ID: 3876 Operation ID: {0,9022979} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B3.tmp Handle ID: 2464 Operation ID: {0,9022966} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B2.tmp Handle ID: 3876 Operation ID: {0,9022963} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B2.tmp Handle ID: 4048 Operation ID: {0,9022962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B2.tmp Handle ID: 4048 Operation ID: {0,9022953} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B3.tmp Handle ID: 4048 Operation ID: {0,9022950} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B2.tmp Handle ID: 4048 Operation ID: {0,9022946} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,9022895} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9022821} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B1.tmp Handle ID: 4432 Operation ID: {0,9022787} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B0.tmp Handle ID: 4432 Operation ID: {0,9022782} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B1.tmp Handle ID: 4432 Operation ID: {0,9022777} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B1.tmp Handle ID: 4048 Operation ID: {0,9022766} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B0.tmp Handle ID: 4432 Operation ID: {0,9022765} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B0.tmp Handle ID: 1884 Operation ID: {0,9022764} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1884 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B0.tmp Handle ID: 1884 Operation ID: {0,9022755} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34B1.tmp Handle ID: 1884 Operation ID: {0,9022750} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1884 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34B0.tmp Handle ID: 1884 Operation ID: {0,9022746} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9022711} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9022675} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:37 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:37 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9022634} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AF.tmp Handle ID: 2524 Operation ID: {0,9022420} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AE.tmp Handle ID: 2524 Operation ID: {0,9022415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AF.tmp Handle ID: 2524 Operation ID: {0,9022412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AF.tmp Handle ID: 4048 Operation ID: {0,9022397} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AE.tmp Handle ID: 2524 Operation ID: {0,9022394} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AE.tmp Handle ID: 4432 Operation ID: {0,9022393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AE.tmp Handle ID: 4432 Operation ID: {0,9022382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AF.tmp Handle ID: 4432 Operation ID: {0,9022379} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AE.tmp Handle ID: 4432 Operation ID: {0,9022373} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9022322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9022261} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AD.tmp Handle ID: 2464 Operation ID: {0,9022225} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AC.tmp Handle ID: 2464 Operation ID: {0,9022218} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AD.tmp Handle ID: 2464 Operation ID: {0,9022215} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AD.tmp Handle ID: 4432 Operation ID: {0,9022198} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AC.tmp Handle ID: 2464 Operation ID: {0,9022195} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AC.tmp Handle ID: 4256 Operation ID: {0,9022194} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AC.tmp Handle ID: 4256 Operation ID: {0,9022183} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AD.tmp Handle ID: 4256 Operation ID: {0,9022179} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AC.tmp Handle ID: 4256 Operation ID: {0,9022174} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9022141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9022105} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9022062} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9022017} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AB.tmp Handle ID: 4432 Operation ID: {0,9021990} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AA.tmp Handle ID: 4432 Operation ID: {0,9021985} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AB.tmp Handle ID: 4432 Operation ID: {0,9021980} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AB.tmp Handle ID: 4048 Operation ID: {0,9021963} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AA.tmp Handle ID: 4432 Operation ID: {0,9021960} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AA.tmp Handle ID: 3892 Operation ID: {0,9021959} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AA.tmp Handle ID: 3892 Operation ID: {0,9021950} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34AB.tmp Handle ID: 3892 Operation ID: {0,9021945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34AA.tmp Handle ID: 3892 Operation ID: {0,9021941} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021826} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A9.tmp Handle ID: 4256 Operation ID: {0,9021786} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A8.tmp Handle ID: 4256 Operation ID: {0,9021777} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A9.tmp Handle ID: 4256 Operation ID: {0,9021770} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A9.tmp Handle ID: 3892 Operation ID: {0,9021755} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A8.tmp Handle ID: 4256 Operation ID: {0,9021752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A8.tmp Handle ID: 4424 Operation ID: {0,9021751} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A8.tmp Handle ID: 4424 Operation ID: {0,9021744} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A9.tmp Handle ID: 4424 Operation ID: {0,9021741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A8.tmp Handle ID: 4424 Operation ID: {0,9021735} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9021702} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9021664} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021623} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9021578} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A7.tmp Handle ID: 3892 Operation ID: {0,9021547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A6.tmp Handle ID: 3892 Operation ID: {0,9021540} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A7.tmp Handle ID: 3892 Operation ID: {0,9021531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A7.tmp Handle ID: 4048 Operation ID: {0,9021518} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A6.tmp Handle ID: 3892 Operation ID: {0,9021515} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A6.tmp Handle ID: 2524 Operation ID: {0,9021514} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A6.tmp Handle ID: 2524 Operation ID: {0,9021505} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A7.tmp Handle ID: 2524 Operation ID: {0,9021502} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A6.tmp Handle ID: 2524 Operation ID: {0,9021498} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021445} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A5.tmp Handle ID: 4424 Operation ID: {0,9021347} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A4.tmp Handle ID: 4424 Operation ID: {0,9021340} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A5.tmp Handle ID: 4424 Operation ID: {0,9021335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A5.tmp Handle ID: 2524 Operation ID: {0,9021322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A4.tmp Handle ID: 4424 Operation ID: {0,9021319} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A4.tmp Handle ID: 2464 Operation ID: {0,9021318} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A4.tmp Handle ID: 2464 Operation ID: {0,9021309} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A5.tmp Handle ID: 2464 Operation ID: {0,9021304} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A4.tmp Handle ID: 2464 Operation ID: {0,9021300} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,9021265} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2524 Operation ID: {0,9021229} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021186} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9021141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A3.tmp Handle ID: 2524 Operation ID: {0,9021115} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A2.tmp Handle ID: 2524 Operation ID: {0,9021109} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A3.tmp Handle ID: 2524 Operation ID: {0,9021104} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A3.tmp Handle ID: 4048 Operation ID: {0,9021091} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A2.tmp Handle ID: 2524 Operation ID: {0,9021088} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A2.tmp Handle ID: 4432 Operation ID: {0,9021087} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A2.tmp Handle ID: 4432 Operation ID: {0,9021078} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A3.tmp Handle ID: 4432 Operation ID: {0,9021073} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A2.tmp Handle ID: 4432 Operation ID: {0,9021069} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9021018} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9020953} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A1.tmp Handle ID: 2464 Operation ID: {0,9020921} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A0.tmp Handle ID: 2464 Operation ID: {0,9020914} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A1.tmp Handle ID: 2464 Operation ID: {0,9020909} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A1.tmp Handle ID: 4432 Operation ID: {0,9020894} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A0.tmp Handle ID: 2464 Operation ID: {0,9020891} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A0.tmp Handle ID: 4256 Operation ID: {0,9020890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A0.tmp Handle ID: 4256 Operation ID: {0,9020881} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar34A1.tmp Handle ID: 4256 Operation ID: {0,9020876} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab34A0.tmp Handle ID: 4256 Operation ID: {0,9020872} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9020839} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9020801} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:36 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:36 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9020760} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349F.tmp Handle ID: 3876 Operation ID: {0,9020724} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349E.tmp Handle ID: 3876 Operation ID: {0,9020719} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349F.tmp Handle ID: 3876 Operation ID: {0,9020716} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349F.tmp Handle ID: 2464 Operation ID: {0,9020702} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349E.tmp Handle ID: 3876 Operation ID: {0,9020701} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349E.tmp Handle ID: 4256 Operation ID: {0,9020700} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349E.tmp Handle ID: 4256 Operation ID: {0,9020696} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349F.tmp Handle ID: 4256 Operation ID: {0,9020693} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349E.tmp Handle ID: 4256 Operation ID: {0,9020691} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9020638} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9020577} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349D.tmp Handle ID: 3036 Operation ID: {0,9020543} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349C.tmp Handle ID: 3036 Operation ID: {0,9020542} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349D.tmp Handle ID: 3036 Operation ID: {0,9020541} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3036 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3036 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349D.tmp Handle ID: 4256 Operation ID: {0,9020534} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349C.tmp Handle ID: 3036 Operation ID: {0,9020533} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349C.tmp Handle ID: 4432 Operation ID: {0,9020532} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349C.tmp Handle ID: 4432 Operation ID: {0,9020529} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349D.tmp Handle ID: 4432 Operation ID: {0,9020528} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349C.tmp Handle ID: 4432 Operation ID: {0,9020526} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9020490} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9020454} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,9020413} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349B.tmp Handle ID: 4224 Operation ID: {0,9020351} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349A.tmp Handle ID: 4224 Operation ID: {0,9020346} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349B.tmp Handle ID: 4224 Operation ID: {0,9020341} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349B.tmp Handle ID: 4256 Operation ID: {0,9020328} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349A.tmp Handle ID: 4224 Operation ID: {0,9020327} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349A.tmp Handle ID: 4432 Operation ID: {0,9020326} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349A.tmp Handle ID: 4432 Operation ID: {0,9020319} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar349B.tmp Handle ID: 4432 Operation ID: {0,9020314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab349A.tmp Handle ID: 4432 Operation ID: {0,9020310} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9020259} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9020196} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3499.tmp Handle ID: 2464 Operation ID: {0,9020160} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3498.tmp Handle ID: 2464 Operation ID: {0,9020155} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3499.tmp Handle ID: 2464 Operation ID: {0,9020150} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3499.tmp Handle ID: 4432 Operation ID: {0,9020135} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3498.tmp Handle ID: 2464 Operation ID: {0,9020134} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3498.tmp Handle ID: 2524 Operation ID: {0,9020133} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3498.tmp Handle ID: 2524 Operation ID: {0,9020121} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3499.tmp Handle ID: 2524 Operation ID: {0,9020117} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3498.tmp Handle ID: 2524 Operation ID: {0,9020113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9020080} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,9020042} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2780 Operation ID: {0,9020001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9019950} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3497.tmp Handle ID: 2524 Operation ID: {0,9019925} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3496.tmp Handle ID: 2524 Operation ID: {0,9019920} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3497.tmp Handle ID: 2524 Operation ID: {0,9019915} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3497.tmp Handle ID: 4048 Operation ID: {0,9019902} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3496.tmp Handle ID: 2524 Operation ID: {0,9019899} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3496.tmp Handle ID: 2464 Operation ID: {0,9019898} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3496.tmp Handle ID: 2464 Operation ID: {0,9019889} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3497.tmp Handle ID: 2464 Operation ID: {0,9019886} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3496.tmp Handle ID: 2464 Operation ID: {0,9019882} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,9019829} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,9019767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3495.tmp Handle ID: 4256 Operation ID: {0,9019735} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3494.tmp Handle ID: 4256 Operation ID: {0,9019728} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3495.tmp Handle ID: 4256 Operation ID: {0,9019725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3495.tmp Handle ID: 2464 Operation ID: {0,9019712} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3494.tmp Handle ID: 4256 Operation ID: {0,9019709} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3494.tmp Handle ID: 4424 Operation ID: {0,9019708} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3494.tmp Handle ID: 4424 Operation ID: {0,9019699} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3495.tmp Handle ID: 4424 Operation ID: {0,9019696} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3494.tmp Handle ID: 4424 Operation ID: {0,9019692} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9019659} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,9019621} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9019578} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,9019527} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3493.tmp Handle ID: 4048 Operation ID: {0,9019500} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3492.tmp Handle ID: 4048 Operation ID: {0,9019493} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3493.tmp Handle ID: 4048 Operation ID: {0,9019490} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3493.tmp Handle ID: 3876 Operation ID: {0,9019471} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3492.tmp Handle ID: 4048 Operation ID: {0,9019470} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3492.tmp Handle ID: 2912 Operation ID: {0,9019469} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3492.tmp Handle ID: 2912 Operation ID: {0,9019466} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3493.tmp Handle ID: 2912 Operation ID: {0,9019461} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3492.tmp Handle ID: 2912 Operation ID: {0,9019455} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,9019393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,9019288} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3491.tmp Handle ID: 2524 Operation ID: {0,9019024} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3490.tmp Handle ID: 2524 Operation ID: {0,9019001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3491.tmp Handle ID: 2524 Operation ID: {0,9018983} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4212 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4212 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4212 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3491.tmp Handle ID: 4212 Operation ID: {0,9018653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3490.tmp Handle ID: 2524 Operation ID: {0,9018644} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3490.tmp Handle ID: 2912 Operation ID: {0,9018639} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3490.tmp Handle ID: 2912 Operation ID: {0,9018577} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3491.tmp Handle ID: 2912 Operation ID: {0,9018547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3490.tmp Handle ID: 2912 Operation ID: {0,9018524} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4212 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4212 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4212 Operation ID: {0,9018462} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4212 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4212 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4212 Operation ID: {0,9018424} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9018381} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,9018084} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348F.tmp Handle ID: 2912 Operation ID: {0,9018057} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348E.tmp Handle ID: 2912 Operation ID: {0,9018052} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348F.tmp Handle ID: 2912 Operation ID: {0,9018047} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348F.tmp Handle ID: 4048 Operation ID: {0,9018034} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348E.tmp Handle ID: 2912 Operation ID: {0,9018031} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348E.tmp Handle ID: 3892 Operation ID: {0,9018030} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348E.tmp Handle ID: 3892 Operation ID: {0,9018018} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348F.tmp Handle ID: 3892 Operation ID: {0,9018016} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348E.tmp Handle ID: 3892 Operation ID: {0,9018012} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,9017959} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,9017897} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4452 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4452 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4452 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4452 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348D.tmp Handle ID: 4452 Operation ID: {0,9017867} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4452 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4452 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4452 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4452 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348C.tmp Handle ID: 4452 Operation ID: {0,9017860} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4452 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4452 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348D.tmp Handle ID: 4452 Operation ID: {0,9017852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4452 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4452 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348D.tmp Handle ID: 3892 Operation ID: {0,9017839} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348C.tmp Handle ID: 4452 Operation ID: {0,9017836} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348C.tmp Handle ID: 4224 Operation ID: {0,9017835} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4224 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348C.tmp Handle ID: 4224 Operation ID: {0,9017826} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348D.tmp Handle ID: 4224 Operation ID: {0,9017821} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4224 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348C.tmp Handle ID: 4224 Operation ID: {0,9017817} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9017784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,9017748} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9017705} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348B.tmp Handle ID: 4048 Operation ID: {0,9017663} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348A.tmp Handle ID: 4048 Operation ID: {0,9017652} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348B.tmp Handle ID: 4048 Operation ID: {0,9017649} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348B.tmp Handle ID: 2464 Operation ID: {0,9017634} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348A.tmp Handle ID: 4048 Operation ID: {0,9017631} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348A.tmp Handle ID: 4192 Operation ID: {0,9017630} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348A.tmp Handle ID: 4192 Operation ID: {0,9017619} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar348B.tmp Handle ID: 4192 Operation ID: {0,9017616} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab348A.tmp Handle ID: 4192 Operation ID: {0,9017612} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,9017561} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,9017498} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4360 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4360 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4360 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4360 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3489.tmp Handle ID: 4360 Operation ID: {0,9017460} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4360 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4360 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4360 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4360 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3488.tmp Handle ID: 4360 Operation ID: {0,9017453} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4360 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4360 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3489.tmp Handle ID: 4360 Operation ID: {0,9017447} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4360 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4360 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3489.tmp Handle ID: 4192 Operation ID: {0,9017425} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3488.tmp Handle ID: 4360 Operation ID: {0,9017422} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3488.tmp Handle ID: 4332 Operation ID: {0,9017421} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3488.tmp Handle ID: 4332 Operation ID: {0,9017412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3489.tmp Handle ID: 4332 Operation ID: {0,9017407} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3488.tmp Handle ID: 4332 Operation ID: {0,9017403} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,9017370} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,9017332} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,9017267} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3564 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3564 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3564 Operation ID: {0,9011214} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:44:28 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4456 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:44:28 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4456 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:28 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 4456 Operation ID: {0,9010464} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 184 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD3487.tmp Handle ID: 184 Operation ID: {0,9003265} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD3487.tmp Handle ID: 184 Operation ID: {0,9003262} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 188 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 188 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 188 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x4 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 188 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteData (or AddFile) Access Mask: 0x2 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 188 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD3487.tmp Handle ID: 188 Operation ID: {0,9003212} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x130196 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 184 Object Type: File Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD3487.tmp Handle ID: 184 Operation ID: {0,9003203} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE WriteAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x100100 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 184 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\OLD3487.tmp Handle ID: 184 Operation ID: {0,9003200} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 156 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 156 Object Type: Key Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 156 Operation ID: {0,9003053} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe " 4/17/2020 11:44:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:44:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,9002940} Process ID: 5096 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\native.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3486.tmp Handle ID: 3288 Operation ID: {0,8993975} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3485.tmp Handle ID: 3288 Operation ID: {0,8993974} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3486.tmp Handle ID: 3288 Operation ID: {0,8993973} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3486.tmp Handle ID: 3892 Operation ID: {0,8993972} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3485.tmp Handle ID: 3288 Operation ID: {0,8993971} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3485.tmp Handle ID: 4128 Operation ID: {0,8993970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3485.tmp Handle ID: 4128 Operation ID: {0,8993967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3486.tmp Handle ID: 4128 Operation ID: {0,8993966} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3485.tmp Handle ID: 4128 Operation ID: {0,8993964} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993911} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993836} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3484.tmp Handle ID: 4128 Operation ID: {0,8993796} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3483.tmp Handle ID: 4128 Operation ID: {0,8993791} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3484.tmp Handle ID: 4128 Operation ID: {0,8993786} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3484.tmp Handle ID: 3288 Operation ID: {0,8993775} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3483.tmp Handle ID: 4128 Operation ID: {0,8993774} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3483.tmp Handle ID: 2464 Operation ID: {0,8993773} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3483.tmp Handle ID: 2464 Operation ID: {0,8993770} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3484.tmp Handle ID: 2464 Operation ID: {0,8993769} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3483.tmp Handle ID: 2464 Operation ID: {0,8993767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8993732} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8993694} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,8993610} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3482.tmp Handle ID: 3288 Operation ID: {0,8993587} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3481.tmp Handle ID: 3288 Operation ID: {0,8993580} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3482.tmp Handle ID: 3288 Operation ID: {0,8993575} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3482.tmp Handle ID: 4048 Operation ID: {0,8993559} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3481.tmp Handle ID: 3288 Operation ID: {0,8993557} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3481.tmp Handle ID: 2912 Operation ID: {0,8993556} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3481.tmp Handle ID: 2912 Operation ID: {0,8993545} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3482.tmp Handle ID: 2912 Operation ID: {0,8993542} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3481.tmp Handle ID: 2912 Operation ID: {0,8993538} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993485} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993422} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3480.tmp Handle ID: 2464 Operation ID: {0,8993388} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347F.tmp Handle ID: 2464 Operation ID: {0,8993383} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3480.tmp Handle ID: 2464 Operation ID: {0,8993378} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3480.tmp Handle ID: 3288 Operation ID: {0,8993363} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347F.tmp Handle ID: 2464 Operation ID: {0,8993362} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347F.tmp Handle ID: 3876 Operation ID: {0,8993361} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347F.tmp Handle ID: 3876 Operation ID: {0,8993352} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3480.tmp Handle ID: 3876 Operation ID: {0,8993351} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347F.tmp Handle ID: 3876 Operation ID: {0,8993347} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8993312} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8993276} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993233} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8993188} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347E.tmp Handle ID: 3288 Operation ID: {0,8993159} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347D.tmp Handle ID: 3288 Operation ID: {0,8993154} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347E.tmp Handle ID: 3288 Operation ID: {0,8993149} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347E.tmp Handle ID: 2912 Operation ID: {0,8993135} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347D.tmp Handle ID: 3288 Operation ID: {0,8993132} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347D.tmp Handle ID: 3892 Operation ID: {0,8993131} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347D.tmp Handle ID: 3892 Operation ID: {0,8993120} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347E.tmp Handle ID: 3892 Operation ID: {0,8993115} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347D.tmp Handle ID: 3892 Operation ID: {0,8993111} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8993060} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8992997} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347C.tmp Handle ID: 3876 Operation ID: {0,8992965} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347B.tmp Handle ID: 3876 Operation ID: {0,8992960} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347C.tmp Handle ID: 3876 Operation ID: {0,8992955} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347C.tmp Handle ID: 3892 Operation ID: {0,8992940} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347B.tmp Handle ID: 3876 Operation ID: {0,8992937} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347B.tmp Handle ID: 4128 Operation ID: {0,8992936} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347B.tmp Handle ID: 4128 Operation ID: {0,8992927} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347C.tmp Handle ID: 4128 Operation ID: {0,8992924} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab347B.tmp Handle ID: 4128 Operation ID: {0,8992918} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,8992885} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3892 Operation ID: {0,8992847} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8992806} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8992761} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347A.tmp Handle ID: 3892 Operation ID: {0,8992732} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3479.tmp Handle ID: 3892 Operation ID: {0,8992727} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347A.tmp Handle ID: 3892 Operation ID: {0,8992722} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347A.tmp Handle ID: 2912 Operation ID: {0,8992707} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3479.tmp Handle ID: 3892 Operation ID: {0,8992704} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3479.tmp Handle ID: 4048 Operation ID: {0,8992703} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3479.tmp Handle ID: 4048 Operation ID: {0,8992692} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar347A.tmp Handle ID: 4048 Operation ID: {0,8992689} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3479.tmp Handle ID: 4048 Operation ID: {0,8992685} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8992632} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8992571} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3478.tmp Handle ID: 4128 Operation ID: {0,8992537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3477.tmp Handle ID: 4128 Operation ID: {0,8992530} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3478.tmp Handle ID: 4128 Operation ID: {0,8992525} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3478.tmp Handle ID: 4048 Operation ID: {0,8992514} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3477.tmp Handle ID: 4128 Operation ID: {0,8992511} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3477.tmp Handle ID: 2464 Operation ID: {0,8992510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3477.tmp Handle ID: 2464 Operation ID: {0,8992499} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3478.tmp Handle ID: 2464 Operation ID: {0,8992498} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3477.tmp Handle ID: 2464 Operation ID: {0,8992492} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,8992459} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,8992423} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8992380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3476.tmp Handle ID: 4048 Operation ID: {0,8992344} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3475.tmp Handle ID: 4048 Operation ID: {0,8992337} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3476.tmp Handle ID: 4048 Operation ID: {0,8992332} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3476.tmp Handle ID: 2912 Operation ID: {0,8992317} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3475.tmp Handle ID: 4048 Operation ID: {0,8992314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3475.tmp Handle ID: 3288 Operation ID: {0,8992313} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3475.tmp Handle ID: 3288 Operation ID: {0,8992304} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3476.tmp Handle ID: 3288 Operation ID: {0,8992299} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3475.tmp Handle ID: 3288 Operation ID: {0,8992295} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8992244} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8992181} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3474.tmp Handle ID: 3288 Operation ID: {0,8992147} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3473.tmp Handle ID: 3288 Operation ID: {0,8992142} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3474.tmp Handle ID: 3288 Operation ID: {0,8992137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3474.tmp Handle ID: 3996 Operation ID: {0,8992122} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3473.tmp Handle ID: 3288 Operation ID: {0,8992119} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3473.tmp Handle ID: 3892 Operation ID: {0,8992118} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3473.tmp Handle ID: 3892 Operation ID: {0,8992107} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3474.tmp Handle ID: 3892 Operation ID: {0,8992102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3473.tmp Handle ID: 3892 Operation ID: {0,8992098} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8992063} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8992027} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8991988} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 408 Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:43:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 408 Object Type: Key Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 408 Operation ID: {0,8982173} Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:43:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,8981967} Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:43:26 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:43:26 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:26 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,8981811} Process ID: 5936 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3472.tmp Handle ID: 4280 Operation ID: {0,8967033} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3471.tmp Handle ID: 4280 Operation ID: {0,8967028} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3472.tmp Handle ID: 4280 Operation ID: {0,8967023} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3472.tmp Handle ID: 3180 Operation ID: {0,8967008} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3471.tmp Handle ID: 4280 Operation ID: {0,8967005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3471.tmp Handle ID: 1672 Operation ID: {0,8967004} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3471.tmp Handle ID: 1672 Operation ID: {0,8966993} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3472.tmp Handle ID: 1672 Operation ID: {0,8966988} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3471.tmp Handle ID: 1672 Operation ID: {0,8966986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966935} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966871} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3470.tmp Handle ID: 3288 Operation ID: {0,8966839} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346F.tmp Handle ID: 3288 Operation ID: {0,8966834} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3470.tmp Handle ID: 3288 Operation ID: {0,8966829} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3470.tmp Handle ID: 1672 Operation ID: {0,8966814} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346F.tmp Handle ID: 3288 Operation ID: {0,8966811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346F.tmp Handle ID: 3892 Operation ID: {0,8966810} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346F.tmp Handle ID: 3892 Operation ID: {0,8966799} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3470.tmp Handle ID: 3892 Operation ID: {0,8966798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346F.tmp Handle ID: 3892 Operation ID: {0,8966792} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,8966759} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,8966721} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966680} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8966635} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346E.tmp Handle ID: 1672 Operation ID: {0,8966610} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346D.tmp Handle ID: 1672 Operation ID: {0,8966605} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346E.tmp Handle ID: 1672 Operation ID: {0,8966600} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346E.tmp Handle ID: 3180 Operation ID: {0,8966585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346D.tmp Handle ID: 1672 Operation ID: {0,8966584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346D.tmp Handle ID: 3996 Operation ID: {0,8966583} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346D.tmp Handle ID: 3996 Operation ID: {0,8966574} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346E.tmp Handle ID: 3996 Operation ID: {0,8966569} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346D.tmp Handle ID: 3996 Operation ID: {0,8966565} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966512} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966451} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346C.tmp Handle ID: 3892 Operation ID: {0,8966415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346B.tmp Handle ID: 3892 Operation ID: {0,8966404} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346C.tmp Handle ID: 3892 Operation ID: {0,8966399} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346C.tmp Handle ID: 3996 Operation ID: {0,8966381} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346B.tmp Handle ID: 3892 Operation ID: {0,8966378} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346B.tmp Handle ID: 2464 Operation ID: {0,8966377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346B.tmp Handle ID: 2464 Operation ID: {0,8966368} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346C.tmp Handle ID: 2464 Operation ID: {0,8966363} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab346B.tmp Handle ID: 2464 Operation ID: {0,8966359} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8966324} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8966288} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966245} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8966199} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346A.tmp Handle ID: 3996 Operation ID: {0,8966172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3469.tmp Handle ID: 3996 Operation ID: {0,8966165} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346A.tmp Handle ID: 3996 Operation ID: {0,8966160} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346A.tmp Handle ID: 3180 Operation ID: {0,8966147} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3469.tmp Handle ID: 3996 Operation ID: {0,8966144} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3469.tmp Handle ID: 4280 Operation ID: {0,8966143} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3469.tmp Handle ID: 4280 Operation ID: {0,8966132} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar346A.tmp Handle ID: 4280 Operation ID: {0,8966129} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3469.tmp Handle ID: 4280 Operation ID: {0,8966125} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966074} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8966011} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3468.tmp Handle ID: 2464 Operation ID: {0,8965981} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3467.tmp Handle ID: 2464 Operation ID: {0,8965974} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3468.tmp Handle ID: 2464 Operation ID: {0,8965969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3468.tmp Handle ID: 4280 Operation ID: {0,8965954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3467.tmp Handle ID: 2464 Operation ID: {0,8965953} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3467.tmp Handle ID: 3288 Operation ID: {0,8965952} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3467.tmp Handle ID: 3288 Operation ID: {0,8965941} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3468.tmp Handle ID: 3288 Operation ID: {0,8965940} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3467.tmp Handle ID: 3288 Operation ID: {0,8965936} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4280 Operation ID: {0,8965903} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4280 Operation ID: {0,8965865} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8965824} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8965779} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3466.tmp Handle ID: 4280 Operation ID: {0,8965754} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3465.tmp Handle ID: 4280 Operation ID: {0,8965747} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3466.tmp Handle ID: 4280 Operation ID: {0,8965742} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3466.tmp Handle ID: 3180 Operation ID: {0,8965727} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3465.tmp Handle ID: 4280 Operation ID: {0,8965724} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3465.tmp Handle ID: 1672 Operation ID: {0,8965723} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3465.tmp Handle ID: 1672 Operation ID: {0,8965713} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3466.tmp Handle ID: 1672 Operation ID: {0,8965709} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3465.tmp Handle ID: 1672 Operation ID: {0,8965705} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8965652} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8965589} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3464.tmp Handle ID: 3288 Operation ID: {0,8965555} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3463.tmp Handle ID: 3288 Operation ID: {0,8965548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3464.tmp Handle ID: 3288 Operation ID: {0,8965545} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3464.tmp Handle ID: 1672 Operation ID: {0,8965528} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3463.tmp Handle ID: 3288 Operation ID: {0,8965527} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3463.tmp Handle ID: 3892 Operation ID: {0,8965526} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3463.tmp Handle ID: 3892 Operation ID: {0,8965515} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3464.tmp Handle ID: 3892 Operation ID: {0,8965512} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3463.tmp Handle ID: 3892 Operation ID: {0,8965508} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,8965473} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1672 Operation ID: {0,8965435} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8965394} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3462.tmp Handle ID: 1672 Operation ID: {0,8965360} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3461.tmp Handle ID: 1672 Operation ID: {0,8965355} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3462.tmp Handle ID: 1672 Operation ID: {0,8965350} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3462.tmp Handle ID: 3180 Operation ID: {0,8965335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3461.tmp Handle ID: 1672 Operation ID: {0,8965334} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3461.tmp Handle ID: 3996 Operation ID: {0,8965333} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3461.tmp Handle ID: 3996 Operation ID: {0,8965322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3462.tmp Handle ID: 3996 Operation ID: {0,8965321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3461.tmp Handle ID: 3996 Operation ID: {0,8965315} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8965264} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8965201} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3460.tmp Handle ID: 3892 Operation ID: {0,8965163} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345F.tmp Handle ID: 3892 Operation ID: {0,8965158} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3460.tmp Handle ID: 3892 Operation ID: {0,8965153} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3892 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3892 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3460.tmp Handle ID: 3996 Operation ID: {0,8965138} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345F.tmp Handle ID: 3892 Operation ID: {0,8965137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345F.tmp Handle ID: 2464 Operation ID: {0,8965136} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345F.tmp Handle ID: 2464 Operation ID: {0,8965125} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3460.tmp Handle ID: 2464 Operation ID: {0,8965122} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345F.tmp Handle ID: 2464 Operation ID: {0,8965118} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8965085} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8965049} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8965010} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345E.tmp Handle ID: 4228 Operation ID: {0,8964890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345D.tmp Handle ID: 4228 Operation ID: {0,8964885} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345E.tmp Handle ID: 4228 Operation ID: {0,8964880} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345E.tmp Handle ID: 3996 Operation ID: {0,8964865} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345D.tmp Handle ID: 4228 Operation ID: {0,8964862} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345D.tmp Handle ID: 2464 Operation ID: {0,8964861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345D.tmp Handle ID: 2464 Operation ID: {0,8964850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345E.tmp Handle ID: 2464 Operation ID: {0,8964847} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345D.tmp Handle ID: 2464 Operation ID: {0,8964843} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8964790} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8964729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345C.tmp Handle ID: 3180 Operation ID: {0,8964693} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345B.tmp Handle ID: 3180 Operation ID: {0,8964688} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345C.tmp Handle ID: 3180 Operation ID: {0,8964683} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345C.tmp Handle ID: 2464 Operation ID: {0,8964668} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345B.tmp Handle ID: 3180 Operation ID: {0,8964665} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345B.tmp Handle ID: 4160 Operation ID: {0,8964664} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345B.tmp Handle ID: 4160 Operation ID: {0,8964653} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345C.tmp Handle ID: 4160 Operation ID: {0,8964650} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab345B.tmp Handle ID: 4160 Operation ID: {0,8964646} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8964613} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8964575} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8964532} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8964487} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345A.tmp Handle ID: 4160 Operation ID: {0,8964460} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3459.tmp Handle ID: 4160 Operation ID: {0,8964455} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345A.tmp Handle ID: 4160 Operation ID: {0,8964452} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345A.tmp Handle ID: 2464 Operation ID: {0,8964437} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3459.tmp Handle ID: 4160 Operation ID: {0,8964436} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3459.tmp Handle ID: 3180 Operation ID: {0,8964435} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3459.tmp Handle ID: 3180 Operation ID: {0,8964426} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar345A.tmp Handle ID: 3180 Operation ID: {0,8964421} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3459.tmp Handle ID: 3180 Operation ID: {0,8964417} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8964365} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8964302} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3458.tmp Handle ID: 3288 Operation ID: {0,8963999} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3457.tmp Handle ID: 3288 Operation ID: {0,8963994} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3458.tmp Handle ID: 3288 Operation ID: {0,8963989} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3458.tmp Handle ID: 3180 Operation ID: {0,8963974} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3457.tmp Handle ID: 3288 Operation ID: {0,8963971} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3457.tmp Handle ID: 4192 Operation ID: {0,8963970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3457.tmp Handle ID: 4192 Operation ID: {0,8963963} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3458.tmp Handle ID: 4192 Operation ID: {0,8963958} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3457.tmp Handle ID: 4192 Operation ID: {0,8963954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8963919} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8963881} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8963840} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8963795} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3456.tmp Handle ID: 3180 Operation ID: {0,8963768} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3455.tmp Handle ID: 3180 Operation ID: {0,8963763} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3456.tmp Handle ID: 3180 Operation ID: {0,8963760} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3456.tmp Handle ID: 2464 Operation ID: {0,8963743} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3455.tmp Handle ID: 3180 Operation ID: {0,8963742} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3455.tmp Handle ID: 4228 Operation ID: {0,8963741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3455.tmp Handle ID: 4228 Operation ID: {0,8963730} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3456.tmp Handle ID: 4228 Operation ID: {0,8963729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3455.tmp Handle ID: 4228 Operation ID: {0,8963725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8963672} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8963611} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3454.tmp Handle ID: 4192 Operation ID: {0,8963577} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3453.tmp Handle ID: 4192 Operation ID: {0,8963572} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3454.tmp Handle ID: 4192 Operation ID: {0,8963567} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3454.tmp Handle ID: 4228 Operation ID: {0,8963552} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3453.tmp Handle ID: 4192 Operation ID: {0,8963549} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3453.tmp Handle ID: 3996 Operation ID: {0,8963548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3453.tmp Handle ID: 3996 Operation ID: {0,8963537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3454.tmp Handle ID: 3996 Operation ID: {0,8963531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3453.tmp Handle ID: 3996 Operation ID: {0,8963527} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,8963494} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,8963456} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8963413} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8963368} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3452.tmp Handle ID: 3996 Operation ID: {0,8963341} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3451.tmp Handle ID: 3996 Operation ID: {0,8963336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3452.tmp Handle ID: 3996 Operation ID: {0,8963331} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3452.tmp Handle ID: 2464 Operation ID: {0,8963318} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3451.tmp Handle ID: 3996 Operation ID: {0,8963315} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3451.tmp Handle ID: 4192 Operation ID: {0,8963314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3451.tmp Handle ID: 4192 Operation ID: {0,8963303} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3452.tmp Handle ID: 4192 Operation ID: {0,8963302} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3451.tmp Handle ID: 4192 Operation ID: {0,8963298} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8963247} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8963184} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3450.tmp Handle ID: 4228 Operation ID: {0,8963132} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344F.tmp Handle ID: 4228 Operation ID: {0,8963127} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3450.tmp Handle ID: 4228 Operation ID: {0,8963124} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3450.tmp Handle ID: 4192 Operation ID: {0,8963105} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344F.tmp Handle ID: 4228 Operation ID: {0,8963102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344F.tmp Handle ID: 3288 Operation ID: {0,8963101} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344F.tmp Handle ID: 3288 Operation ID: {0,8963092} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3450.tmp Handle ID: 3288 Operation ID: {0,8963091} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344F.tmp Handle ID: 3288 Operation ID: {0,8963087} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8963054} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8963016} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8962975} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344E.tmp Handle ID: 4192 Operation ID: {0,8962936} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344D.tmp Handle ID: 4192 Operation ID: {0,8962931} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344E.tmp Handle ID: 4192 Operation ID: {0,8962928} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344E.tmp Handle ID: 2464 Operation ID: {0,8962913} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344D.tmp Handle ID: 4192 Operation ID: {0,8962910} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344D.tmp Handle ID: 3180 Operation ID: {0,8962909} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344D.tmp Handle ID: 3180 Operation ID: {0,8962898} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344E.tmp Handle ID: 3180 Operation ID: {0,8962895} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344D.tmp Handle ID: 3180 Operation ID: {0,8962891} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8962838} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8962777} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344C.tmp Handle ID: 4160 Operation ID: {0,8962404} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344B.tmp Handle ID: 4160 Operation ID: {0,8962403} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344C.tmp Handle ID: 4160 Operation ID: {0,8962369} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344C.tmp Handle ID: 3180 Operation ID: {0,8962159} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344B.tmp Handle ID: 4160 Operation ID: {0,8962158} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344B.tmp Handle ID: 3288 Operation ID: {0,8962155} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344B.tmp Handle ID: 3288 Operation ID: {0,8962102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344C.tmp Handle ID: 3288 Operation ID: {0,8962071} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab344B.tmp Handle ID: 3288 Operation ID: {0,8962030} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8961891} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8961810} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:15 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:15 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8961667} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344A.tmp Handle ID: 3888 Operation ID: {0,8961608} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3449.tmp Handle ID: 3888 Operation ID: {0,8961603} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344A.tmp Handle ID: 3888 Operation ID: {0,8961598} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344A.tmp Handle ID: 3180 Operation ID: {0,8961583} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3449.tmp Handle ID: 3888 Operation ID: {0,8961580} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3449.tmp Handle ID: 3288 Operation ID: {0,8961579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3449.tmp Handle ID: 3288 Operation ID: {0,8961570} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar344A.tmp Handle ID: 3288 Operation ID: {0,8961565} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3449.tmp Handle ID: 3288 Operation ID: {0,8961561} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8961510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8961447} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3448.tmp Handle ID: 2464 Operation ID: {0,8961415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3447.tmp Handle ID: 2464 Operation ID: {0,8961408} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3448.tmp Handle ID: 2464 Operation ID: {0,8961403} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3448.tmp Handle ID: 3288 Operation ID: {0,8961390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3447.tmp Handle ID: 2464 Operation ID: {0,8961387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3447.tmp Handle ID: 1672 Operation ID: {0,8961386} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3447.tmp Handle ID: 1672 Operation ID: {0,8961375} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3448.tmp Handle ID: 1672 Operation ID: {0,8961374} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3447.tmp Handle ID: 1672 Operation ID: {0,8961368} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8961335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8961297} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8961256} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8961211} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3446.tmp Handle ID: 3288 Operation ID: {0,8961188} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3445.tmp Handle ID: 3288 Operation ID: {0,8961181} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3446.tmp Handle ID: 3288 Operation ID: {0,8961178} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3446.tmp Handle ID: 3180 Operation ID: {0,8961165} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3445.tmp Handle ID: 3288 Operation ID: {0,8961162} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3445.tmp Handle ID: 4228 Operation ID: {0,8961161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3445.tmp Handle ID: 4228 Operation ID: {0,8961150} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3446.tmp Handle ID: 4228 Operation ID: {0,8961145} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3445.tmp Handle ID: 4228 Operation ID: {0,8961141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8961088} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8961021} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3444.tmp Handle ID: 1672 Operation ID: {0,8960987} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3443.tmp Handle ID: 1672 Operation ID: {0,8960980} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3444.tmp Handle ID: 1672 Operation ID: {0,8960975} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3444.tmp Handle ID: 4228 Operation ID: {0,8960960} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3443.tmp Handle ID: 1672 Operation ID: {0,8960957} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3443.tmp Handle ID: 4280 Operation ID: {0,8960956} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3443.tmp Handle ID: 4280 Operation ID: {0,8960945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3444.tmp Handle ID: 4280 Operation ID: {0,8960942} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3443.tmp Handle ID: 4280 Operation ID: {0,8960938} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,8960905} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,8960867} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960824} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8960779} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3442.tmp Handle ID: 4228 Operation ID: {0,8960752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3441.tmp Handle ID: 4228 Operation ID: {0,8960747} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3442.tmp Handle ID: 4228 Operation ID: {0,8960740} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3442.tmp Handle ID: 3180 Operation ID: {0,8960725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3441.tmp Handle ID: 4228 Operation ID: {0,8960722} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3441.tmp Handle ID: 3888 Operation ID: {0,8960721} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3441.tmp Handle ID: 3888 Operation ID: {0,8960712} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3442.tmp Handle ID: 3888 Operation ID: {0,8960707} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3441.tmp Handle ID: 3888 Operation ID: {0,8960703} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960652} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960591} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3440.tmp Handle ID: 4280 Operation ID: {0,8960555} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343F.tmp Handle ID: 4280 Operation ID: {0,8960554} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3440.tmp Handle ID: 4280 Operation ID: {0,8960553} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3440.tmp Handle ID: 3888 Operation ID: {0,8960552} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343F.tmp Handle ID: 4280 Operation ID: {0,8960551} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343F.tmp Handle ID: 2464 Operation ID: {0,8960550} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343F.tmp Handle ID: 2464 Operation ID: {0,8960547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3440.tmp Handle ID: 2464 Operation ID: {0,8960546} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343F.tmp Handle ID: 2464 Operation ID: {0,8960544} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,8960515} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,8960477} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960435} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8960392} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343E.tmp Handle ID: 2464 Operation ID: {0,8960365} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343D.tmp Handle ID: 2464 Operation ID: {0,8960358} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343E.tmp Handle ID: 2464 Operation ID: {0,8960353} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343E.tmp Handle ID: 3180 Operation ID: {0,8960340} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343D.tmp Handle ID: 2464 Operation ID: {0,8960337} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343D.tmp Handle ID: 3288 Operation ID: {0,8960336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343D.tmp Handle ID: 3288 Operation ID: {0,8960325} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343E.tmp Handle ID: 3288 Operation ID: {0,8960320} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343D.tmp Handle ID: 3288 Operation ID: {0,8960316} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960263} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960202} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343C.tmp Handle ID: 4280 Operation ID: {0,8960168} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343B.tmp Handle ID: 4280 Operation ID: {0,8960161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343C.tmp Handle ID: 4280 Operation ID: {0,8960158} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343C.tmp Handle ID: 3288 Operation ID: {0,8960143} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343B.tmp Handle ID: 4280 Operation ID: {0,8960140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343B.tmp Handle ID: 1672 Operation ID: {0,8960139} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343B.tmp Handle ID: 1672 Operation ID: {0,8960130} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343C.tmp Handle ID: 1672 Operation ID: {0,8960127} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab343B.tmp Handle ID: 1672 Operation ID: {0,8960123} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8960090} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8960054} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8960011} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343A.tmp Handle ID: 1672 Operation ID: {0,8959842} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3439.tmp Handle ID: 1672 Operation ID: {0,8959837} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343A.tmp Handle ID: 1672 Operation ID: {0,8959832} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343A.tmp Handle ID: 4280 Operation ID: {0,8959817} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3439.tmp Handle ID: 1672 Operation ID: {0,8959814} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3439.tmp Handle ID: 4192 Operation ID: {0,8959813} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3439.tmp Handle ID: 4192 Operation ID: {0,8959804} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar343A.tmp Handle ID: 4192 Operation ID: {0,8959799} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3439.tmp Handle ID: 4192 Operation ID: {0,8959795} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8959744} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8959679} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3438.tmp Handle ID: 3996 Operation ID: {0,8959645} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3437.tmp Handle ID: 3996 Operation ID: {0,8959640} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3438.tmp Handle ID: 3996 Operation ID: {0,8959635} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3438.tmp Handle ID: 4192 Operation ID: {0,8959622} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3437.tmp Handle ID: 3996 Operation ID: {0,8959619} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3437.tmp Handle ID: 3288 Operation ID: {0,8959618} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3437.tmp Handle ID: 3288 Operation ID: {0,8959607} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3438.tmp Handle ID: 3288 Operation ID: {0,8959604} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3437.tmp Handle ID: 3288 Operation ID: {0,8959600} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8959567} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8959531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:14 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:14 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8959492} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3436.tmp Handle ID: 4332 Operation ID: {0,8959358} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3435.tmp Handle ID: 4332 Operation ID: {0,8959353} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3436.tmp Handle ID: 4332 Operation ID: {0,8959348} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3436.tmp Handle ID: 4192 Operation ID: {0,8959335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3435.tmp Handle ID: 4332 Operation ID: {0,8959332} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3435.tmp Handle ID: 3288 Operation ID: {0,8959331} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3435.tmp Handle ID: 3288 Operation ID: {0,8959324} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3436.tmp Handle ID: 3288 Operation ID: {0,8959321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3435.tmp Handle ID: 3288 Operation ID: {0,8959317} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8959265} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8959204} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3434.tmp Handle ID: 4280 Operation ID: {0,8959172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3433.tmp Handle ID: 4280 Operation ID: {0,8959167} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3434.tmp Handle ID: 4280 Operation ID: {0,8959164} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3434.tmp Handle ID: 3288 Operation ID: {0,8959151} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3433.tmp Handle ID: 4280 Operation ID: {0,8959148} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3433.tmp Handle ID: 2464 Operation ID: {0,8959147} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3433.tmp Handle ID: 2464 Operation ID: {0,8959140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3434.tmp Handle ID: 2464 Operation ID: {0,8959137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3433.tmp Handle ID: 2464 Operation ID: {0,8959133} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8959100} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8959064} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8959023} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8958980} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3432.tmp Handle ID: 3288 Operation ID: {0,8958954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3431.tmp Handle ID: 3288 Operation ID: {0,8958948} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3432.tmp Handle ID: 3288 Operation ID: {0,8958943} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3432.tmp Handle ID: 4192 Operation ID: {0,8958930} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3431.tmp Handle ID: 3288 Operation ID: {0,8958927} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3431.tmp Handle ID: 4048 Operation ID: {0,8958926} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3431.tmp Handle ID: 4048 Operation ID: {0,8958919} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3432.tmp Handle ID: 4048 Operation ID: {0,8958916} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3431.tmp Handle ID: 4048 Operation ID: {0,8958912} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:11 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:11 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8958775} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8958393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3430.tmp Handle ID: 2464 Operation ID: {0,8958361} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342F.tmp Handle ID: 2464 Operation ID: {0,8958356} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3430.tmp Handle ID: 2464 Operation ID: {0,8958351} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3430.tmp Handle ID: 3288 Operation ID: {0,8958337} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342F.tmp Handle ID: 2464 Operation ID: {0,8958334} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342F.tmp Handle ID: 3180 Operation ID: {0,8958333} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342F.tmp Handle ID: 3180 Operation ID: {0,8958324} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3430.tmp Handle ID: 3180 Operation ID: {0,8958323} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342F.tmp Handle ID: 3180 Operation ID: {0,8958319} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8958286} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3288 Operation ID: {0,8958250} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8958209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,8958166} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342E.tmp Handle ID: 3288 Operation ID: {0,8958141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342D.tmp Handle ID: 3288 Operation ID: {0,8958136} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342E.tmp Handle ID: 3288 Operation ID: {0,8958131} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342E.tmp Handle ID: 4048 Operation ID: {0,8958116} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342D.tmp Handle ID: 3288 Operation ID: {0,8958113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342D.tmp Handle ID: 4332 Operation ID: {0,8958112} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342D.tmp Handle ID: 4332 Operation ID: {0,8958103} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342E.tmp Handle ID: 4332 Operation ID: {0,8958100} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342D.tmp Handle ID: 4332 Operation ID: {0,8958096} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8958045} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957983} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342C.tmp Handle ID: 3180 Operation ID: {0,8957951} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342B.tmp Handle ID: 3180 Operation ID: {0,8957946} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342C.tmp Handle ID: 3180 Operation ID: {0,8957943} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342C.tmp Handle ID: 4332 Operation ID: {0,8957930} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342B.tmp Handle ID: 3180 Operation ID: {0,8957927} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342B.tmp Handle ID: 4280 Operation ID: {0,8957926} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342B.tmp Handle ID: 4280 Operation ID: {0,8957919} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342C.tmp Handle ID: 4280 Operation ID: {0,8957916} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab342B.tmp Handle ID: 4280 Operation ID: {0,8957912} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4332 Operation ID: {0,8957879} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4332 Operation ID: {0,8957843} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957802} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,8957759} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342A.tmp Handle ID: 4332 Operation ID: {0,8957732} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3429.tmp Handle ID: 4332 Operation ID: {0,8957727} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342A.tmp Handle ID: 4332 Operation ID: {0,8957722} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342A.tmp Handle ID: 4048 Operation ID: {0,8957709} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3429.tmp Handle ID: 4332 Operation ID: {0,8957706} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3429.tmp Handle ID: 4192 Operation ID: {0,8957705} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3429.tmp Handle ID: 4192 Operation ID: {0,8957698} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar342A.tmp Handle ID: 4192 Operation ID: {0,8957695} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3429.tmp Handle ID: 4192 Operation ID: {0,8957691} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957640} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3428.tmp Handle ID: 4280 Operation ID: {0,8957547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3427.tmp Handle ID: 4280 Operation ID: {0,8957542} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3428.tmp Handle ID: 4280 Operation ID: {0,8957537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3428.tmp Handle ID: 4192 Operation ID: {0,8957524} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3427.tmp Handle ID: 4280 Operation ID: {0,8957521} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3427.tmp Handle ID: 2464 Operation ID: {0,8957520} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3427.tmp Handle ID: 2464 Operation ID: {0,8957511} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3428.tmp Handle ID: 3288 Operation ID: {0,8957506} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3427.tmp Handle ID: 3288 Operation ID: {0,8957502} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4280 Operation ID: {0,8957469} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4280 Operation ID: {0,8957433} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957392} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3426.tmp Handle ID: 4280 Operation ID: {0,8957360} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3425.tmp Handle ID: 4280 Operation ID: {0,8957355} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3426.tmp Handle ID: 4280 Operation ID: {0,8957350} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3426.tmp Handle ID: 4048 Operation ID: {0,8957337} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3425.tmp Handle ID: 4280 Operation ID: {0,8957336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3425.tmp Handle ID: 4192 Operation ID: {0,8957335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3425.tmp Handle ID: 4192 Operation ID: {0,8957328} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3426.tmp Handle ID: 4192 Operation ID: {0,8957325} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3425.tmp Handle ID: 4192 Operation ID: {0,8957321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957270} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8957209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3424.tmp Handle ID: 3288 Operation ID: {0,8957177} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3423.tmp Handle ID: 3288 Operation ID: {0,8957172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3424.tmp Handle ID: 3288 Operation ID: {0,8957167} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3424.tmp Handle ID: 4192 Operation ID: {0,8957154} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3423.tmp Handle ID: 3288 Operation ID: {0,8957151} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3423.tmp Handle ID: 3180 Operation ID: {0,8957150} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3423.tmp Handle ID: 3180 Operation ID: {0,8957143} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3424.tmp Handle ID: 3180 Operation ID: {0,8957140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3423.tmp Handle ID: 3180 Operation ID: {0,8957136} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8957103} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8957067} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:10 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:10 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8957028} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3422.tmp Handle ID: 3996 Operation ID: {0,8955958} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3421.tmp Handle ID: 3996 Operation ID: {0,8955953} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3422.tmp Handle ID: 3996 Operation ID: {0,8955948} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3422.tmp Handle ID: 4192 Operation ID: {0,8955935} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3421.tmp Handle ID: 3996 Operation ID: {0,8955932} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3421.tmp Handle ID: 3180 Operation ID: {0,8955931} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3421.tmp Handle ID: 3180 Operation ID: {0,8955922} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3422.tmp Handle ID: 3180 Operation ID: {0,8955921} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3421.tmp Handle ID: 3180 Operation ID: {0,8955917} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955866} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955805} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3420.tmp Handle ID: 4048 Operation ID: {0,8955771} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341F.tmp Handle ID: 4048 Operation ID: {0,8955768} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3420.tmp Handle ID: 4048 Operation ID: {0,8955761} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3420.tmp Handle ID: 3180 Operation ID: {0,8955748} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341F.tmp Handle ID: 4048 Operation ID: {0,8955745} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341F.tmp Handle ID: 1672 Operation ID: {0,8955744} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341F.tmp Handle ID: 1672 Operation ID: {0,8955735} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3420.tmp Handle ID: 1672 Operation ID: {0,8955734} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341F.tmp Handle ID: 1672 Operation ID: {0,8955730} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8955697} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8955661} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955620} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8955577} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341E.tmp Handle ID: 3180 Operation ID: {0,8955550} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341D.tmp Handle ID: 3180 Operation ID: {0,8955545} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341E.tmp Handle ID: 3180 Operation ID: {0,8955538} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341E.tmp Handle ID: 4192 Operation ID: {0,8955525} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341D.tmp Handle ID: 3180 Operation ID: {0,8955522} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341D.tmp Handle ID: 2464 Operation ID: {0,8955521} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341D.tmp Handle ID: 2464 Operation ID: {0,8955512} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341E.tmp Handle ID: 2464 Operation ID: {0,8955509} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341D.tmp Handle ID: 2464 Operation ID: {0,8955505} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955454} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341C.tmp Handle ID: 1672 Operation ID: {0,8955359} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341B.tmp Handle ID: 1672 Operation ID: {0,8955354} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341C.tmp Handle ID: 1672 Operation ID: {0,8955349} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341C.tmp Handle ID: 2464 Operation ID: {0,8955335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341B.tmp Handle ID: 1672 Operation ID: {0,8955332} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341B.tmp Handle ID: 3888 Operation ID: {0,8955331} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341B.tmp Handle ID: 3888 Operation ID: {0,8955324} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341C.tmp Handle ID: 3888 Operation ID: {0,8955321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab341B.tmp Handle ID: 3888 Operation ID: {0,8955317} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8955284} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8955248} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955207} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8955164} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341A.tmp Handle ID: 2464 Operation ID: {0,8955139} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3419.tmp Handle ID: 2464 Operation ID: {0,8955134} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341A.tmp Handle ID: 2464 Operation ID: {0,8955129} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341A.tmp Handle ID: 4192 Operation ID: {0,8955116} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3419.tmp Handle ID: 2464 Operation ID: {0,8955113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3419.tmp Handle ID: 3996 Operation ID: {0,8955112} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3419.tmp Handle ID: 3996 Operation ID: {0,8955103} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar341A.tmp Handle ID: 3996 Operation ID: {0,8955100} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3419.tmp Handle ID: 3996 Operation ID: {0,8955096} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8955045} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3418.tmp Handle ID: 3888 Operation ID: {0,8954952} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3417.tmp Handle ID: 3888 Operation ID: {0,8954945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3418.tmp Handle ID: 3888 Operation ID: {0,8954940} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3418.tmp Handle ID: 3996 Operation ID: {0,8954925} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3417.tmp Handle ID: 3888 Operation ID: {0,8954922} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3417.tmp Handle ID: 4048 Operation ID: {0,8954921} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3417.tmp Handle ID: 4048 Operation ID: {0,8954914} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3418.tmp Handle ID: 4048 Operation ID: {0,8954911} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3417.tmp Handle ID: 4048 Operation ID: {0,8954907} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8954874} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3996 Operation ID: {0,8954838} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954796} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8954753} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3416.tmp Handle ID: 3996 Operation ID: {0,8954728} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3415.tmp Handle ID: 3996 Operation ID: {0,8954725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3416.tmp Handle ID: 3996 Operation ID: {0,8954720} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3416.tmp Handle ID: 4192 Operation ID: {0,8954709} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3415.tmp Handle ID: 3996 Operation ID: {0,8954706} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3415.tmp Handle ID: 3180 Operation ID: {0,8954705} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3415.tmp Handle ID: 3180 Operation ID: {0,8954698} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3416.tmp Handle ID: 3180 Operation ID: {0,8954695} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3415.tmp Handle ID: 3180 Operation ID: {0,8954691} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954640} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3414.tmp Handle ID: 4048 Operation ID: {0,8954547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3413.tmp Handle ID: 4048 Operation ID: {0,8954542} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3414.tmp Handle ID: 4048 Operation ID: {0,8954539} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3414.tmp Handle ID: 3180 Operation ID: {0,8954524} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3413.tmp Handle ID: 4048 Operation ID: {0,8954521} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3413.tmp Handle ID: 1672 Operation ID: {0,8954520} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3413.tmp Handle ID: 1672 Operation ID: {0,8954513} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3414.tmp Handle ID: 1672 Operation ID: {0,8954510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3413.tmp Handle ID: 1672 Operation ID: {0,8954506} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8954473} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8954437} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954396} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3412.tmp Handle ID: 3180 Operation ID: {0,8954364} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3411.tmp Handle ID: 3180 Operation ID: {0,8954357} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3412.tmp Handle ID: 3180 Operation ID: {0,8954352} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3412.tmp Handle ID: 4192 Operation ID: {0,8954339} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3411.tmp Handle ID: 3180 Operation ID: {0,8954336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3411.tmp Handle ID: 2464 Operation ID: {0,8954335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3411.tmp Handle ID: 2464 Operation ID: {0,8954326} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3412.tmp Handle ID: 2464 Operation ID: {0,8954325} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3411.tmp Handle ID: 2464 Operation ID: {0,8954321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954270} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8954209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3410.tmp Handle ID: 1672 Operation ID: {0,8954173} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340F.tmp Handle ID: 1672 Operation ID: {0,8954168} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3410.tmp Handle ID: 1672 Operation ID: {0,8954165} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1672 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1672 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3410.tmp Handle ID: 2464 Operation ID: {0,8954152} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340F.tmp Handle ID: 1672 Operation ID: {0,8954149} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340F.tmp Handle ID: 3888 Operation ID: {0,8954148} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340F.tmp Handle ID: 3888 Operation ID: {0,8954141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3410.tmp Handle ID: 3888 Operation ID: {0,8954138} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340F.tmp Handle ID: 3888 Operation ID: {0,8954134} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8954101} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8954065} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8954026} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340E.tmp Handle ID: 4160 Operation ID: {0,8953967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340D.tmp Handle ID: 4160 Operation ID: {0,8953962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340E.tmp Handle ID: 4160 Operation ID: {0,8953957} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340E.tmp Handle ID: 2464 Operation ID: {0,8953944} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340D.tmp Handle ID: 4160 Operation ID: {0,8953941} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340D.tmp Handle ID: 3888 Operation ID: {0,8953940} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340D.tmp Handle ID: 3888 Operation ID: {0,8953933} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340E.tmp Handle ID: 3888 Operation ID: {0,8953930} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340D.tmp Handle ID: 3888 Operation ID: {0,8953926} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8953875} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2912 Operation ID: {0,8953814} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340C.tmp Handle ID: 4192 Operation ID: {0,8953782} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340B.tmp Handle ID: 4192 Operation ID: {0,8953777} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340C.tmp Handle ID: 4192 Operation ID: {0,8953772} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340C.tmp Handle ID: 3888 Operation ID: {0,8953759} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340B.tmp Handle ID: 4192 Operation ID: {0,8953758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340B.tmp Handle ID: 4280 Operation ID: {0,8953757} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340B.tmp Handle ID: 4280 Operation ID: {0,8953748} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340C.tmp Handle ID: 4280 Operation ID: {0,8953745} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab340B.tmp Handle ID: 4280 Operation ID: {0,8953741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,8953708} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,8953672} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3896 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3896 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3896 Operation ID: {0,8953631} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4332 Operation ID: {0,8953582} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340A.tmp Handle ID: 2464 Operation ID: {0,8953557} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3409.tmp Handle ID: 2464 Operation ID: {0,8953552} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340A.tmp Handle ID: 2464 Operation ID: {0,8953547} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340A.tmp Handle ID: 4332 Operation ID: {0,8953534} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3409.tmp Handle ID: 2464 Operation ID: {0,8953531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3409.tmp Handle ID: 3180 Operation ID: {0,8953530} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3409.tmp Handle ID: 3180 Operation ID: {0,8953523} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar340A.tmp Handle ID: 3180 Operation ID: {0,8953520} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3409.tmp Handle ID: 3180 Operation ID: {0,8953516} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8953465} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8953403} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3408.tmp Handle ID: 3888 Operation ID: {0,8953371} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3407.tmp Handle ID: 3888 Operation ID: {0,8953366} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3408.tmp Handle ID: 3888 Operation ID: {0,8953361} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3408.tmp Handle ID: 3180 Operation ID: {0,8953348} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3407.tmp Handle ID: 3888 Operation ID: {0,8953345} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3407.tmp Handle ID: 3996 Operation ID: {0,8953344} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3996 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3407.tmp Handle ID: 3996 Operation ID: {0,8953336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3408.tmp Handle ID: 3996 Operation ID: {0,8953334} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3996 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3407.tmp Handle ID: 3996 Operation ID: {0,8953330} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8953297} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8953261} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8953220} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4048 Operation ID: {0,8953171} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3406.tmp Handle ID: 4332 Operation ID: {0,8953145} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3405.tmp Handle ID: 4332 Operation ID: {0,8953140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3406.tmp Handle ID: 4332 Operation ID: {0,8953137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4332 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4332 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3406.tmp Handle ID: 4048 Operation ID: {0,8953124} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3405.tmp Handle ID: 4332 Operation ID: {0,8953121} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3405.tmp Handle ID: 4432 Operation ID: {0,8953120} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3405.tmp Handle ID: 4432 Operation ID: {0,8953113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3406.tmp Handle ID: 4432 Operation ID: {0,8953108} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3405.tmp Handle ID: 4432 Operation ID: {0,8953104} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8953053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8952992} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3404.tmp Handle ID: 3180 Operation ID: {0,8952960} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3403.tmp Handle ID: 3180 Operation ID: {0,8952955} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3404.tmp Handle ID: 3180 Operation ID: {0,8952950} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3404.tmp Handle ID: 4432 Operation ID: {0,8952937} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3403.tmp Handle ID: 3180 Operation ID: {0,8952934} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3403.tmp Handle ID: 4160 Operation ID: {0,8952933} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3403.tmp Handle ID: 4160 Operation ID: {0,8952925} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3404.tmp Handle ID: 4160 Operation ID: {0,8952923} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3403.tmp Handle ID: 4160 Operation ID: {0,8952919} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,8952886} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,8952850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8952809} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4228 Operation ID: {0,8952759} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3402.tmp Handle ID: 4048 Operation ID: {0,8952734} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3401.tmp Handle ID: 4048 Operation ID: {0,8952729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3402.tmp Handle ID: 4048 Operation ID: {0,8952724} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4048 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4048 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3402.tmp Handle ID: 4228 Operation ID: {0,8952711} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3401.tmp Handle ID: 4048 Operation ID: {0,8952708} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3401.tmp Handle ID: 4424 Operation ID: {0,8952707} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3401.tmp Handle ID: 4424 Operation ID: {0,8952699} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3402.tmp Handle ID: 4424 Operation ID: {0,8952697} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3401.tmp Handle ID: 4424 Operation ID: {0,8952693} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8952642} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8952575} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3400.tmp Handle ID: 4432 Operation ID: {0,8952541} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FF.tmp Handle ID: 4432 Operation ID: {0,8952538} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3400.tmp Handle ID: 4432 Operation ID: {0,8952531} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3400.tmp Handle ID: 4424 Operation ID: {0,8952520} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FF.tmp Handle ID: 4432 Operation ID: {0,8952517} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FF.tmp Handle ID: 2464 Operation ID: {0,8952516} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FF.tmp Handle ID: 2464 Operation ID: {0,8952507} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3400.tmp Handle ID: 2464 Operation ID: {0,8952504} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FF.tmp Handle ID: 2464 Operation ID: {0,8952500} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,8952467} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4424 Operation ID: {0,8952431} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8952390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FE.tmp Handle ID: 4228 Operation ID: {0,8952353} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FD.tmp Handle ID: 4228 Operation ID: {0,8952348} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FE.tmp Handle ID: 4228 Operation ID: {0,8952343} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4228 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2912 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2912 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4228 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FE.tmp Handle ID: 2912 Operation ID: {0,8952328} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FD.tmp Handle ID: 4228 Operation ID: {0,8952327} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FD.tmp Handle ID: 2524 Operation ID: {0,8952326} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FD.tmp Handle ID: 2524 Operation ID: {0,8952321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FE.tmp Handle ID: 2524 Operation ID: {0,8952318} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FD.tmp Handle ID: 2524 Operation ID: {0,8952314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4128 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4128 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4128 Operation ID: {0,8952263} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3936 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3936 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3936 Operation ID: {0,8952202} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FC.tmp Handle ID: 2524 Operation ID: {0,8952166} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FB.tmp Handle ID: 2524 Operation ID: {0,8952161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FC.tmp Handle ID: 2524 Operation ID: {0,8952156} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2524 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4412 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4244 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4244 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4244 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2524 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FC.tmp Handle ID: 4244 Operation ID: {0,8952140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4412 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FB.tmp Handle ID: 2524 Operation ID: {0,8952137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FB.tmp Handle ID: 4412 Operation ID: {0,8952136} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4412 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4412 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FB.tmp Handle ID: 4412 Operation ID: {0,8952129} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4412 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33FC.tmp Handle ID: 4412 Operation ID: {0,8952126} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4412 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33FB.tmp Handle ID: 4412 Operation ID: {0,8952122} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4244 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4244 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4244 Operation ID: {0,8952089} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4244 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4244 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4244 Operation ID: {0,8952053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4244 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:43:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4244 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:43:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4244 Operation ID: {0,8952014} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:43:05 AM Security Success Audit Logon/Logoff 538 NT AUTHORITY\ANONYMOUS LOGON AERODB "User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x8897BA) Logon Type: 3 " 4/17/2020 11:43:05 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x8897BA) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: AEROADMIN Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.12 Source Port: 0 " 4/17/2020 11:42:40 AM Security Success Audit Logon/Logoff 538 NT AUTHORITY\ANONYMOUS LOGON AERODB "User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x888583) Logon Type: 3 " 4/17/2020 11:42:40 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x888583) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: AEROADMIN Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.12 Source Port: 0 " 4/17/2020 11:42:40 AM Security Success Audit Logon/Logoff 538 NT AUTHORITY\ANONYMOUS LOGON AERODB "User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x888575) Logon Type: 3 " 4/17/2020 11:42:40 AM Security Success Audit Logon/Logoff 540 NT AUTHORITY\ANONYMOUS LOGON AERODB "Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x888575) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: AEROADMIN Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.0.12 Source Port: 0 " 4/17/2020 11:42:37 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 144 Process ID: 4056 Image File Name: C:\WINDOWS\system32\notepad.exe " 4/17/2020 11:42:37 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 144 Object Type: Key Process ID: 4056 Image File Name: C:\WINDOWS\system32\notepad.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:37 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 144 Operation ID: {0,8945967} Process ID: 4056 Image File Name: C:\WINDOWS\system32\notepad.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:42:37 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 4056 Image File Name: C:\WINDOWS\system32\notepad.exe " 4/17/2020 11:42:37 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 4056 Image File Name: C:\WINDOWS\system32\notepad.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:37 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,8945809} Process ID: 4056 Image File Name: C:\WINDOWS\system32\notepad.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:34 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 240 Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:42:34 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 240 Object Type: Key Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:34 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 240 Operation ID: {0,8942797} Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:34 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:42:34 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:34 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,8942460} Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:42:34 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:42:34 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:34 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,8942330} Process ID: 1040 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:25 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 140 Process ID: 2908 Image File Name: C:\Program Files\Windows NT\Accessories\wordpad.exe " 4/17/2020 11:42:25 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 140 Object Type: Key Process ID: 2908 Image File Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:25 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 140 Operation ID: {0,8937123} Process ID: 2908 Image File Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:25 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 120 Process ID: 2908 Image File Name: C:\Program Files\Windows NT\Accessories\wordpad.exe " 4/17/2020 11:42:25 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 120 Object Type: Key Process ID: 2908 Image File Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:25 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 120 Operation ID: {0,8937048} Process ID: 2908 Image File Name: C:\Program Files\Windows NT\Accessories\wordpad.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:42:25 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4244 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:25 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4244 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:25 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 4244 Operation ID: {0,8936975} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:42:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 280 Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:42:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 280 Object Type: Key Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 280 Operation ID: {0,8933747} Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:42:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,8933175} Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:42:20 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:42:20 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:20 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,8933024} Process ID: 5724 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F4.tmp Handle ID: 1600 Operation ID: {0,8927895} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F3.tmp Handle ID: 1600 Operation ID: {0,8927890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F4.tmp Handle ID: 1600 Operation ID: {0,8927885} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F4.tmp Handle ID: 3864 Operation ID: {0,8927872} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F3.tmp Handle ID: 1600 Operation ID: {0,8927869} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F3.tmp Handle ID: 3296 Operation ID: {0,8927868} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F3.tmp Handle ID: 3296 Operation ID: {0,8927857} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F4.tmp Handle ID: 3296 Operation ID: {0,8927856} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F3.tmp Handle ID: 3296 Operation ID: {0,8927852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8927801} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8927738} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F2.tmp Handle ID: 3784 Operation ID: {0,8927708} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F1.tmp Handle ID: 3784 Operation ID: {0,8927701} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F2.tmp Handle ID: 3784 Operation ID: {0,8927696} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F2.tmp Handle ID: 3296 Operation ID: {0,8927681} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F1.tmp Handle ID: 3784 Operation ID: {0,8927680} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F1.tmp Handle ID: 4440 Operation ID: {0,8927679} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F1.tmp Handle ID: 4440 Operation ID: {0,8927668} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F2.tmp Handle ID: 4440 Operation ID: {0,8927665} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33F1.tmp Handle ID: 4440 Operation ID: {0,8927661} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3296 Operation ID: {0,8927627} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3296 Operation ID: {0,8927589} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8927548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8927503} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F0.tmp Handle ID: 3296 Operation ID: {0,8927478} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EF.tmp Handle ID: 3296 Operation ID: {0,8927471} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F0.tmp Handle ID: 3296 Operation ID: {0,8927466} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F0.tmp Handle ID: 3864 Operation ID: {0,8927449} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EF.tmp Handle ID: 3296 Operation ID: {0,8927448} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EF.tmp Handle ID: 4288 Operation ID: {0,8927447} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EF.tmp Handle ID: 4288 Operation ID: {0,8927438} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33F0.tmp Handle ID: 4288 Operation ID: {0,8927433} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EF.tmp Handle ID: 4288 Operation ID: {0,8927429} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8927376} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8927313} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EE.tmp Handle ID: 4440 Operation ID: {0,8927279} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33ED.tmp Handle ID: 4440 Operation ID: {0,8927274} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EE.tmp Handle ID: 4440 Operation ID: {0,8927269} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EE.tmp Handle ID: 4288 Operation ID: {0,8927254} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33ED.tmp Handle ID: 4440 Operation ID: {0,8927251} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33ED.tmp Handle ID: 4052 Operation ID: {0,8927250} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33ED.tmp Handle ID: 4052 Operation ID: {0,8927240} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EE.tmp Handle ID: 4052 Operation ID: {0,8927236} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33ED.tmp Handle ID: 4052 Operation ID: {0,8927232} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8927199} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8927163} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8927120} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8927075} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EC.tmp Handle ID: 4052 Operation ID: {0,8927050} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EB.tmp Handle ID: 4052 Operation ID: {0,8927045} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EC.tmp Handle ID: 4052 Operation ID: {0,8927040} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EC.tmp Handle ID: 3864 Operation ID: {0,8927025} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EB.tmp Handle ID: 4052 Operation ID: {0,8927024} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EB.tmp Handle ID: 4440 Operation ID: {0,8927023} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EB.tmp Handle ID: 4440 Operation ID: {0,8927012} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EC.tmp Handle ID: 4440 Operation ID: {0,8927009} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33EB.tmp Handle ID: 4440 Operation ID: {0,8927005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926891} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EA.tmp Handle ID: 4288 Operation ID: {0,8926859} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E9.tmp Handle ID: 4288 Operation ID: {0,8926852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EA.tmp Handle ID: 4288 Operation ID: {0,8926847} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EA.tmp Handle ID: 4440 Operation ID: {0,8926831} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E9.tmp Handle ID: 4288 Operation ID: {0,8926828} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E9.tmp Handle ID: 3784 Operation ID: {0,8926827} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E9.tmp Handle ID: 3784 Operation ID: {0,8926814} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33EA.tmp Handle ID: 3784 Operation ID: {0,8926811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E9.tmp Handle ID: 3784 Operation ID: {0,8926807} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8926774} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8926736} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926695} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8926650} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E8.tmp Handle ID: 4440 Operation ID: {0,8926623} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E7.tmp Handle ID: 4440 Operation ID: {0,8926618} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E8.tmp Handle ID: 4440 Operation ID: {0,8926613} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E8.tmp Handle ID: 3864 Operation ID: {0,8926598} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E7.tmp Handle ID: 4440 Operation ID: {0,8926595} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E7.tmp Handle ID: 3296 Operation ID: {0,8926594} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E7.tmp Handle ID: 3296 Operation ID: {0,8926585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E8.tmp Handle ID: 3296 Operation ID: {0,8926580} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E7.tmp Handle ID: 3296 Operation ID: {0,8926576} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926523} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926462} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E6.tmp Handle ID: 3784 Operation ID: {0,8926427} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E5.tmp Handle ID: 3784 Operation ID: {0,8926420} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E6.tmp Handle ID: 3784 Operation ID: {0,8926415} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E6.tmp Handle ID: 3296 Operation ID: {0,8926400} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E5.tmp Handle ID: 3784 Operation ID: {0,8926397} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E5.tmp Handle ID: 1600 Operation ID: {0,8926396} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E5.tmp Handle ID: 1600 Operation ID: {0,8926387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E6.tmp Handle ID: 1600 Operation ID: {0,8926382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E5.tmp Handle ID: 1600 Operation ID: {0,8926378} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3296 Operation ID: {0,8926343} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3296 Operation ID: {0,8926307} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926264} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E4.tmp Handle ID: 3296 Operation ID: {0,8926228} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E3.tmp Handle ID: 3296 Operation ID: {0,8926223} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E4.tmp Handle ID: 3296 Operation ID: {0,8926218} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E4.tmp Handle ID: 3864 Operation ID: {0,8926203} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E3.tmp Handle ID: 3296 Operation ID: {0,8926202} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E3.tmp Handle ID: 4052 Operation ID: {0,8926201} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E3.tmp Handle ID: 4052 Operation ID: {0,8926190} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E4.tmp Handle ID: 4052 Operation ID: {0,8926189} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E3.tmp Handle ID: 4052 Operation ID: {0,8926185} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926134} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8926073} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E2.tmp Handle ID: 1600 Operation ID: {0,8926039} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E1.tmp Handle ID: 1600 Operation ID: {0,8926036} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E2.tmp Handle ID: 1600 Operation ID: {0,8926031} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E2.tmp Handle ID: 4052 Operation ID: {0,8926020} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E1.tmp Handle ID: 1600 Operation ID: {0,8926019} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E1.tmp Handle ID: 4288 Operation ID: {0,8926018} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E1.tmp Handle ID: 4288 Operation ID: {0,8926007} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E2.tmp Handle ID: 4288 Operation ID: {0,8926006} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33E1.tmp Handle ID: 4288 Operation ID: {0,8926002} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,8925967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,8925929} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:08 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:08 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8925890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E0.tmp Handle ID: 3876 Operation ID: {0,8925829} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DF.tmp Handle ID: 3876 Operation ID: {0,8925822} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E0.tmp Handle ID: 3876 Operation ID: {0,8925817} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E0.tmp Handle ID: 4288 Operation ID: {0,8925802} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DF.tmp Handle ID: 3876 Operation ID: {0,8925799} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DF.tmp Handle ID: 1600 Operation ID: {0,8925798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DF.tmp Handle ID: 1600 Operation ID: {0,8925789} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33E0.tmp Handle ID: 1600 Operation ID: {0,8925784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DF.tmp Handle ID: 1600 Operation ID: {0,8925780} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8925727} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8925666} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DE.tmp Handle ID: 3864 Operation ID: {0,8925632} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DD.tmp Handle ID: 3864 Operation ID: {0,8925627} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DE.tmp Handle ID: 3864 Operation ID: {0,8925620} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DE.tmp Handle ID: 1600 Operation ID: {0,8925607} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DD.tmp Handle ID: 3864 Operation ID: {0,8925604} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DD.tmp Handle ID: 1092 Operation ID: {0,8925603} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DD.tmp Handle ID: 1092 Operation ID: {0,8925590} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DE.tmp Handle ID: 1092 Operation ID: {0,8925585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DD.tmp Handle ID: 1092 Operation ID: {0,8925583} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8925548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8925510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8925467} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8925421} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DC.tmp Handle ID: 1600 Operation ID: {0,8925392} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DB.tmp Handle ID: 1600 Operation ID: {0,8925387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DC.tmp Handle ID: 1600 Operation ID: {0,8925382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DC.tmp Handle ID: 4288 Operation ID: {0,8925367} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DB.tmp Handle ID: 1600 Operation ID: {0,8925364} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DB.tmp Handle ID: 3784 Operation ID: {0,8925363} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DB.tmp Handle ID: 3784 Operation ID: {0,8925354} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DC.tmp Handle ID: 3784 Operation ID: {0,8925351} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33DB.tmp Handle ID: 3784 Operation ID: {0,8925347} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8925296} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8925233} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DA.tmp Handle ID: 1092 Operation ID: {0,8925199} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D9.tmp Handle ID: 1092 Operation ID: {0,8925192} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DA.tmp Handle ID: 1092 Operation ID: {0,8925187} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DA.tmp Handle ID: 3784 Operation ID: {0,8925176} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D9.tmp Handle ID: 1092 Operation ID: {0,8925173} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D9.tmp Handle ID: 4324 Operation ID: {0,8925172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D9.tmp Handle ID: 4324 Operation ID: {0,8925161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33DA.tmp Handle ID: 4324 Operation ID: {0,8925160} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D9.tmp Handle ID: 4324 Operation ID: {0,8925154} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8925121} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8925083} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8925042} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8924997} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D8.tmp Handle ID: 3784 Operation ID: {0,8924970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D7.tmp Handle ID: 3784 Operation ID: {0,8924967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D8.tmp Handle ID: 3784 Operation ID: {0,8924962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D8.tmp Handle ID: 4288 Operation ID: {0,8924947} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D7.tmp Handle ID: 3784 Operation ID: {0,8924944} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D7.tmp Handle ID: 3876 Operation ID: {0,8924943} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D7.tmp Handle ID: 3876 Operation ID: {0,8924932} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D8.tmp Handle ID: 3876 Operation ID: {0,8924929} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D7.tmp Handle ID: 3876 Operation ID: {0,8924925} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924874} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924812} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D6.tmp Handle ID: 4324 Operation ID: {0,8924780} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D5.tmp Handle ID: 4324 Operation ID: {0,8924775} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D6.tmp Handle ID: 4324 Operation ID: {0,8924770} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D6.tmp Handle ID: 3876 Operation ID: {0,8924757} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D5.tmp Handle ID: 4324 Operation ID: {0,8924754} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D5.tmp Handle ID: 3864 Operation ID: {0,8924753} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D5.tmp Handle ID: 3864 Operation ID: {0,8924744} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D6.tmp Handle ID: 3864 Operation ID: {0,8924741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D5.tmp Handle ID: 3864 Operation ID: {0,8924737} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8924704} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8924668} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924627} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8924584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D4.tmp Handle ID: 3864 Operation ID: {0,8924559} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D3.tmp Handle ID: 3864 Operation ID: {0,8924554} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D4.tmp Handle ID: 3864 Operation ID: {0,8924551} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D4.tmp Handle ID: 4288 Operation ID: {0,8924538} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D3.tmp Handle ID: 3864 Operation ID: {0,8924537} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D3.tmp Handle ID: 4324 Operation ID: {0,8924536} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D3.tmp Handle ID: 4324 Operation ID: {0,8924529} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D4.tmp Handle ID: 4324 Operation ID: {0,8924526} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D3.tmp Handle ID: 4324 Operation ID: {0,8924522} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924471} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924410} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D2.tmp Handle ID: 3876 Operation ID: {0,8924378} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D1.tmp Handle ID: 3876 Operation ID: {0,8924375} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D2.tmp Handle ID: 3876 Operation ID: {0,8924370} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D2.tmp Handle ID: 4324 Operation ID: {0,8924357} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D1.tmp Handle ID: 3876 Operation ID: {0,8924356} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D1.tmp Handle ID: 1092 Operation ID: {0,8924355} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D1.tmp Handle ID: 1092 Operation ID: {0,8924346} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D2.tmp Handle ID: 1092 Operation ID: {0,8924343} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33D1.tmp Handle ID: 1092 Operation ID: {0,8924339} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8924306} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8924270} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924229} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D0.tmp Handle ID: 4324 Operation ID: {0,8924197} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CF.tmp Handle ID: 4324 Operation ID: {0,8924192} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D0.tmp Handle ID: 4324 Operation ID: {0,8924188} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D0.tmp Handle ID: 4288 Operation ID: {0,8924174} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CF.tmp Handle ID: 4324 Operation ID: {0,8924173} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CF.tmp Handle ID: 3784 Operation ID: {0,8924172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CF.tmp Handle ID: 3784 Operation ID: {0,8924161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33D0.tmp Handle ID: 3784 Operation ID: {0,8924160} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CF.tmp Handle ID: 3784 Operation ID: {0,8924156} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924105} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8924044} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CE.tmp Handle ID: 1092 Operation ID: {0,8924012} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CD.tmp Handle ID: 1092 Operation ID: {0,8924005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CE.tmp Handle ID: 1092 Operation ID: {0,8924002} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CE.tmp Handle ID: 3784 Operation ID: {0,8923989} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CD.tmp Handle ID: 1092 Operation ID: {0,8923986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CD.tmp Handle ID: 1600 Operation ID: {0,8923985} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CD.tmp Handle ID: 1600 Operation ID: {0,8923976} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CE.tmp Handle ID: 1600 Operation ID: {0,8923973} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CD.tmp Handle ID: 1600 Operation ID: {0,8923969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8923936} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8923900} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8923861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CC.tmp Handle ID: 4052 Operation ID: {0,8923801} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CB.tmp Handle ID: 4052 Operation ID: {0,8923792} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CC.tmp Handle ID: 4052 Operation ID: {0,8923787} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CC.tmp Handle ID: 3784 Operation ID: {0,8923774} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CB.tmp Handle ID: 4052 Operation ID: {0,8923773} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CB.tmp Handle ID: 1600 Operation ID: {0,8923772} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CB.tmp Handle ID: 1600 Operation ID: {0,8923767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CC.tmp Handle ID: 1600 Operation ID: {0,8923764} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33CB.tmp Handle ID: 1600 Operation ID: {0,8923760} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8923709} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8923648} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CA.tmp Handle ID: 4288 Operation ID: {0,8923616} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C9.tmp Handle ID: 4288 Operation ID: {0,8923611} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CA.tmp Handle ID: 4288 Operation ID: {0,8923606} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CA.tmp Handle ID: 1600 Operation ID: {0,8923591} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C9.tmp Handle ID: 4288 Operation ID: {0,8923590} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C9.tmp Handle ID: 3296 Operation ID: {0,8923589} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C9.tmp Handle ID: 3296 Operation ID: {0,8923584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33CA.tmp Handle ID: 3296 Operation ID: {0,8923583} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C9.tmp Handle ID: 3296 Operation ID: {0,8923579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8923546} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8923510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8923469} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8923426} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C8.tmp Handle ID: 1600 Operation ID: {0,8923401} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C7.tmp Handle ID: 1600 Operation ID: {0,8923398} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C8.tmp Handle ID: 1600 Operation ID: {0,8923393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C8.tmp Handle ID: 3784 Operation ID: {0,8923380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C7.tmp Handle ID: 1600 Operation ID: {0,8923377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C7.tmp Handle ID: 3876 Operation ID: {0,8923376} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C7.tmp Handle ID: 3876 Operation ID: {0,8923369} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C8.tmp Handle ID: 3876 Operation ID: {0,8923366} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C7.tmp Handle ID: 3876 Operation ID: {0,8923362} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8923311} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8923249} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C6.tmp Handle ID: 3296 Operation ID: {0,8923217} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C5.tmp Handle ID: 3296 Operation ID: {0,8923212} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C6.tmp Handle ID: 3296 Operation ID: {0,8923207} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C6.tmp Handle ID: 3876 Operation ID: {0,8923194} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C5.tmp Handle ID: 3296 Operation ID: {0,8923191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C5.tmp Handle ID: 4440 Operation ID: {0,8923190} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C5.tmp Handle ID: 4440 Operation ID: {0,8923181} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C6.tmp Handle ID: 4440 Operation ID: {0,8923178} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C5.tmp Handle ID: 4440 Operation ID: {0,8923174} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8923141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8923105} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8923062} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8923017} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C4.tmp Handle ID: 3876 Operation ID: {0,8922992} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C3.tmp Handle ID: 3876 Operation ID: {0,8922989} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C4.tmp Handle ID: 3876 Operation ID: {0,8922984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C4.tmp Handle ID: 3784 Operation ID: {0,8922973} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C3.tmp Handle ID: 3876 Operation ID: {0,8922970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C3.tmp Handle ID: 4052 Operation ID: {0,8922969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C3.tmp Handle ID: 4052 Operation ID: {0,8922962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C4.tmp Handle ID: 4052 Operation ID: {0,8922959} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C3.tmp Handle ID: 4052 Operation ID: {0,8922955} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922904} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922843} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C2.tmp Handle ID: 4440 Operation ID: {0,8922811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C1.tmp Handle ID: 4440 Operation ID: {0,8922808} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C2.tmp Handle ID: 4440 Operation ID: {0,8922803} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C2.tmp Handle ID: 4052 Operation ID: {0,8922790} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C1.tmp Handle ID: 4440 Operation ID: {0,8922789} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C1.tmp Handle ID: 4288 Operation ID: {0,8922788} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C1.tmp Handle ID: 4288 Operation ID: {0,8922781} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C2.tmp Handle ID: 4288 Operation ID: {0,8922778} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33C1.tmp Handle ID: 4288 Operation ID: {0,8922774} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,8922741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4052 Operation ID: {0,8922705} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922664} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3784 Operation ID: {0,8922620} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C0.tmp Handle ID: 4052 Operation ID: {0,8922595} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BF.tmp Handle ID: 4052 Operation ID: {0,8922590} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C0.tmp Handle ID: 4052 Operation ID: {0,8922585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C0.tmp Handle ID: 3784 Operation ID: {0,8922572} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BF.tmp Handle ID: 4052 Operation ID: {0,8922569} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BF.tmp Handle ID: 1600 Operation ID: {0,8922568} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BF.tmp Handle ID: 1600 Operation ID: {0,8922561} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33C0.tmp Handle ID: 1600 Operation ID: {0,8922558} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BF.tmp Handle ID: 1600 Operation ID: {0,8922554} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922503} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922442} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BE.tmp Handle ID: 4288 Operation ID: {0,8922412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BD.tmp Handle ID: 4288 Operation ID: {0,8922409} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BE.tmp Handle ID: 4288 Operation ID: {0,8922406} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BE.tmp Handle ID: 1600 Operation ID: {0,8922393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BD.tmp Handle ID: 4288 Operation ID: {0,8922390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BD.tmp Handle ID: 3296 Operation ID: {0,8922389} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BD.tmp Handle ID: 3296 Operation ID: {0,8922380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BE.tmp Handle ID: 3296 Operation ID: {0,8922379} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BD.tmp Handle ID: 3296 Operation ID: {0,8922375} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:07 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:07 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8922342} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8922306} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922265} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BC.tmp Handle ID: 1600 Operation ID: {0,8922233} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BB.tmp Handle ID: 1600 Operation ID: {0,8922226} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BC.tmp Handle ID: 1600 Operation ID: {0,8922221} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BC.tmp Handle ID: 3784 Operation ID: {0,8922208} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BB.tmp Handle ID: 1600 Operation ID: {0,8922205} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BB.tmp Handle ID: 3876 Operation ID: {0,8922204} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BB.tmp Handle ID: 3876 Operation ID: {0,8922197} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BC.tmp Handle ID: 3876 Operation ID: {0,8922194} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33BB.tmp Handle ID: 3876 Operation ID: {0,8922190} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922139} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1684 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1684 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1684 Operation ID: {0,8922078} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BA.tmp Handle ID: 3296 Operation ID: {0,8922043} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B9.tmp Handle ID: 3296 Operation ID: {0,8922038} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BA.tmp Handle ID: 3296 Operation ID: {0,8922033} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3296 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3296 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BA.tmp Handle ID: 3876 Operation ID: {0,8922020} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B9.tmp Handle ID: 3296 Operation ID: {0,8922017} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B9.tmp Handle ID: 4440 Operation ID: {0,8922016} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B9.tmp Handle ID: 4440 Operation ID: {0,8922009} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33BA.tmp Handle ID: 4440 Operation ID: {0,8922006} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B9.tmp Handle ID: 4440 Operation ID: {0,8922002} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8921969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8921933} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:06 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:06 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8921894} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B8.tmp Handle ID: 4076 Operation ID: {0,8920014} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B7.tmp Handle ID: 4076 Operation ID: {0,8920011} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B8.tmp Handle ID: 4076 Operation ID: {0,8920006} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B8.tmp Handle ID: 4440 Operation ID: {0,8919993} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B7.tmp Handle ID: 4076 Operation ID: {0,8919992} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B7.tmp Handle ID: 4272 Operation ID: {0,8919991} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B7.tmp Handle ID: 4272 Operation ID: {0,8919982} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B8.tmp Handle ID: 4272 Operation ID: {0,8919981} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B7.tmp Handle ID: 4272 Operation ID: {0,8919977} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919924} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919863} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B6.tmp Handle ID: 4052 Operation ID: {0,8919831} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B5.tmp Handle ID: 4052 Operation ID: {0,8919824} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B6.tmp Handle ID: 4052 Operation ID: {0,8919821} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B6.tmp Handle ID: 4272 Operation ID: {0,8919807} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B5.tmp Handle ID: 4052 Operation ID: {0,8919804} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B5.tmp Handle ID: 3784 Operation ID: {0,8919803} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B5.tmp Handle ID: 3784 Operation ID: {0,8919796} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B6.tmp Handle ID: 3784 Operation ID: {0,8919793} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B5.tmp Handle ID: 3784 Operation ID: {0,8919789} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8919756} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8919720} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919677} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8919634} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B4.tmp Handle ID: 4272 Operation ID: {0,8919609} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B3.tmp Handle ID: 4272 Operation ID: {0,8919604} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B4.tmp Handle ID: 4272 Operation ID: {0,8919599} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B4.tmp Handle ID: 4440 Operation ID: {0,8919586} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B3.tmp Handle ID: 4272 Operation ID: {0,8919585} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B3.tmp Handle ID: 4324 Operation ID: {0,8919584} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B3.tmp Handle ID: 4324 Operation ID: {0,8919577} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B4.tmp Handle ID: 4324 Operation ID: {0,8919574} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B3.tmp Handle ID: 4324 Operation ID: {0,8919570} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919517} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919454} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B2.tmp Handle ID: 3784 Operation ID: {0,8919421} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B1.tmp Handle ID: 3784 Operation ID: {0,8919416} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B2.tmp Handle ID: 3784 Operation ID: {0,8919411} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B2.tmp Handle ID: 4324 Operation ID: {0,8919398} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B1.tmp Handle ID: 3784 Operation ID: {0,8919395} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B1.tmp Handle ID: 3520 Operation ID: {0,8919394} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B1.tmp Handle ID: 3520 Operation ID: {0,8919387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B2.tmp Handle ID: 3520 Operation ID: {0,8919384} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33B1.tmp Handle ID: 3520 Operation ID: {0,8919380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8919347} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8919311} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919270} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8919225} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B0.tmp Handle ID: 4324 Operation ID: {0,8919200} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AF.tmp Handle ID: 4324 Operation ID: {0,8919193} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B0.tmp Handle ID: 4324 Operation ID: {0,8919188} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B0.tmp Handle ID: 4440 Operation ID: {0,8919175} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AF.tmp Handle ID: 4324 Operation ID: {0,8919172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AF.tmp Handle ID: 4076 Operation ID: {0,8919171} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AF.tmp Handle ID: 4076 Operation ID: {0,8919164} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33B0.tmp Handle ID: 4076 Operation ID: {0,8919161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AF.tmp Handle ID: 4076 Operation ID: {0,8919157} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919106} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8919044} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AE.tmp Handle ID: 3520 Operation ID: {0,8919010} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AD.tmp Handle ID: 3520 Operation ID: {0,8919005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AE.tmp Handle ID: 3520 Operation ID: {0,8919000} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AE.tmp Handle ID: 4076 Operation ID: {0,8918987} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AD.tmp Handle ID: 3520 Operation ID: {0,8918984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AD.tmp Handle ID: 4052 Operation ID: {0,8918983} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AD.tmp Handle ID: 4052 Operation ID: {0,8918976} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AE.tmp Handle ID: 4052 Operation ID: {0,8918973} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AD.tmp Handle ID: 4052 Operation ID: {0,8918969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8918936} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8918900} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8918859} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8918816} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AC.tmp Handle ID: 4076 Operation ID: {0,8918791} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AB.tmp Handle ID: 4076 Operation ID: {0,8918784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AC.tmp Handle ID: 4076 Operation ID: {0,8918779} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AC.tmp Handle ID: 4440 Operation ID: {0,8918764} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AB.tmp Handle ID: 4076 Operation ID: {0,8918761} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AB.tmp Handle ID: 4272 Operation ID: {0,8918760} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AB.tmp Handle ID: 4272 Operation ID: {0,8918752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AC.tmp Handle ID: 4272 Operation ID: {0,8918750} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33AB.tmp Handle ID: 4272 Operation ID: {0,8918746} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8918695} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8918634} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AA.tmp Handle ID: 4052 Operation ID: {0,8918602} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A9.tmp Handle ID: 4052 Operation ID: {0,8918595} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AA.tmp Handle ID: 4052 Operation ID: {0,8918592} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AA.tmp Handle ID: 4272 Operation ID: {0,8918579} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A9.tmp Handle ID: 4052 Operation ID: {0,8918576} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A9.tmp Handle ID: 3784 Operation ID: {0,8918575} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A9.tmp Handle ID: 3784 Operation ID: {0,8918566} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33AA.tmp Handle ID: 3784 Operation ID: {0,8918565} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A9.tmp Handle ID: 3784 Operation ID: {0,8918561} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8918528} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8918492} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8918451} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A8.tmp Handle ID: 4272 Operation ID: {0,8918419} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A7.tmp Handle ID: 4272 Operation ID: {0,8918414} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A8.tmp Handle ID: 4272 Operation ID: {0,8918411} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A8.tmp Handle ID: 4440 Operation ID: {0,8918400} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A7.tmp Handle ID: 4272 Operation ID: {0,8918397} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A7.tmp Handle ID: 4324 Operation ID: {0,8918396} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A7.tmp Handle ID: 4324 Operation ID: {0,8918389} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A8.tmp Handle ID: 4324 Operation ID: {0,8918386} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A7.tmp Handle ID: 4324 Operation ID: {0,8918382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8918329} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8918266} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A6.tmp Handle ID: 3784 Operation ID: {0,8918234} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A5.tmp Handle ID: 3784 Operation ID: {0,8918229} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A6.tmp Handle ID: 3784 Operation ID: {0,8918226} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3784 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3784 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A6.tmp Handle ID: 4324 Operation ID: {0,8918213} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A5.tmp Handle ID: 3784 Operation ID: {0,8918210} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A5.tmp Handle ID: 3520 Operation ID: {0,8918209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3520 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A5.tmp Handle ID: 3520 Operation ID: {0,8918202} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A6.tmp Handle ID: 3520 Operation ID: {0,8918197} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3520 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A5.tmp Handle ID: 3520 Operation ID: {0,8918193} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8918160} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8918124} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8918085} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A4.tmp Handle ID: 1092 Operation ID: {0,8918013} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A3.tmp Handle ID: 1092 Operation ID: {0,8918006} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A4.tmp Handle ID: 1092 Operation ID: {0,8918001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A4.tmp Handle ID: 4076 Operation ID: {0,8917987} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A3.tmp Handle ID: 1092 Operation ID: {0,8917984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A3.tmp Handle ID: 4324 Operation ID: {0,8917983} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A3.tmp Handle ID: 4324 Operation ID: {0,8917976} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A4.tmp Handle ID: 4324 Operation ID: {0,8917973} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A3.tmp Handle ID: 4324 Operation ID: {0,8917969} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917918} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917857} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A2.tmp Handle ID: 4288 Operation ID: {0,8917825} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A1.tmp Handle ID: 4288 Operation ID: {0,8917820} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A2.tmp Handle ID: 4288 Operation ID: {0,8917815} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A2.tmp Handle ID: 4324 Operation ID: {0,8917802} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A1.tmp Handle ID: 4288 Operation ID: {0,8917799} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A1.tmp Handle ID: 4052 Operation ID: {0,8917798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A1.tmp Handle ID: 4052 Operation ID: {0,8917791} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:03 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:03 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A2.tmp Handle ID: 4052 Operation ID: {0,8917788} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab33A1.tmp Handle ID: 4052 Operation ID: {0,8917784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8917751} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8917715} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917674} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8917631} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A0.tmp Handle ID: 4324 Operation ID: {0,8917606} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339F.tmp Handle ID: 4324 Operation ID: {0,8917599} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A0.tmp Handle ID: 4324 Operation ID: {0,8917594} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A0.tmp Handle ID: 4076 Operation ID: {0,8917581} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339F.tmp Handle ID: 4324 Operation ID: {0,8917578} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339F.tmp Handle ID: 4272 Operation ID: {0,8917577} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339F.tmp Handle ID: 4272 Operation ID: {0,8917568} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar33A0.tmp Handle ID: 4272 Operation ID: {0,8917565} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339F.tmp Handle ID: 4272 Operation ID: {0,8917561} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917510} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917449} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339E.tmp Handle ID: 4052 Operation ID: {0,8917417} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339D.tmp Handle ID: 4052 Operation ID: {0,8917412} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339E.tmp Handle ID: 4052 Operation ID: {0,8917407} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339E.tmp Handle ID: 4272 Operation ID: {0,8917390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339D.tmp Handle ID: 4052 Operation ID: {0,8917387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339D.tmp Handle ID: 3864 Operation ID: {0,8917386} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339D.tmp Handle ID: 3864 Operation ID: {0,8917379} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339E.tmp Handle ID: 3864 Operation ID: {0,8917376} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339D.tmp Handle ID: 3864 Operation ID: {0,8917372} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8917339} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8917303} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917262} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8917219} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339C.tmp Handle ID: 4272 Operation ID: {0,8917194} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339B.tmp Handle ID: 4272 Operation ID: {0,8917189} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339C.tmp Handle ID: 4272 Operation ID: {0,8917184} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339C.tmp Handle ID: 4076 Operation ID: {0,8917175} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339B.tmp Handle ID: 4272 Operation ID: {0,8917172} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339B.tmp Handle ID: 1092 Operation ID: {0,8917171} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339B.tmp Handle ID: 1092 Operation ID: {0,8917163} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339C.tmp Handle ID: 1092 Operation ID: {0,8917161} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab339B.tmp Handle ID: 1092 Operation ID: {0,8917157} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8917041} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339A.tmp Handle ID: 3864 Operation ID: {0,8917011} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3399.tmp Handle ID: 3864 Operation ID: {0,8917006} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339A.tmp Handle ID: 3864 Operation ID: {0,8917001} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339A.tmp Handle ID: 4272 Operation ID: {0,8916988} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3399.tmp Handle ID: 3864 Operation ID: {0,8916985} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3399.tmp Handle ID: 4288 Operation ID: {0,8916984} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3399.tmp Handle ID: 4288 Operation ID: {0,8916977} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar339A.tmp Handle ID: 4288 Operation ID: {0,8916974} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3399.tmp Handle ID: 4288 Operation ID: {0,8916970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8916937} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8916901} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8916860} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1092 Operation ID: {0,8916815} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3398.tmp Handle ID: 4272 Operation ID: {0,8916790} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3397.tmp Handle ID: 4272 Operation ID: {0,8916785} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3398.tmp Handle ID: 4272 Operation ID: {0,8916782} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3398.tmp Handle ID: 1092 Operation ID: {0,8916769} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3397.tmp Handle ID: 4272 Operation ID: {0,8916766} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3397.tmp Handle ID: 4324 Operation ID: {0,8916765} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3397.tmp Handle ID: 4324 Operation ID: {0,8916758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3398.tmp Handle ID: 4324 Operation ID: {0,8916755} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3397.tmp Handle ID: 4324 Operation ID: {0,8916751} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8916700} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8916637} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3396.tmp Handle ID: 4288 Operation ID: {0,8916596} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3395.tmp Handle ID: 4288 Operation ID: {0,8916591} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3396.tmp Handle ID: 4288 Operation ID: {0,8916586} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3396.tmp Handle ID: 4324 Operation ID: {0,8916573} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3395.tmp Handle ID: 4288 Operation ID: {0,8916568} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3395.tmp Handle ID: 4052 Operation ID: {0,8916567} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3395.tmp Handle ID: 4052 Operation ID: {0,8916560} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3396.tmp Handle ID: 4052 Operation ID: {0,8916557} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3395.tmp Handle ID: 4052 Operation ID: {0,8916553} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8916520} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8916484} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8916443} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3394.tmp Handle ID: 4324 Operation ID: {0,8916409} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3393.tmp Handle ID: 4324 Operation ID: {0,8916404} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3394.tmp Handle ID: 4324 Operation ID: {0,8916399} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3394.tmp Handle ID: 1092 Operation ID: {0,8916386} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3393.tmp Handle ID: 4324 Operation ID: {0,8916383} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3393.tmp Handle ID: 4076 Operation ID: {0,8916382} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3393.tmp Handle ID: 4076 Operation ID: {0,8916373} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3394.tmp Handle ID: 4076 Operation ID: {0,8916370} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3393.tmp Handle ID: 4076 Operation ID: {0,8916366} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8916315} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8916252} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3392.tmp Handle ID: 4052 Operation ID: {0,8916216} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3391.tmp Handle ID: 4052 Operation ID: {0,8916211} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3392.tmp Handle ID: 4052 Operation ID: {0,8916206} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4052 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4052 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3392.tmp Handle ID: 4076 Operation ID: {0,8916193} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3391.tmp Handle ID: 4052 Operation ID: {0,8916190} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3391.tmp Handle ID: 3864 Operation ID: {0,8916189} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3391.tmp Handle ID: 3864 Operation ID: {0,8916182} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3392.tmp Handle ID: 3864 Operation ID: {0,8916179} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3391.tmp Handle ID: 3864 Operation ID: {0,8916175} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8916142} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8916106} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8916067} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3390.tmp Handle ID: 2780 Operation ID: {0,8915983} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338F.tmp Handle ID: 2780 Operation ID: {0,8915976} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3390.tmp Handle ID: 2780 Operation ID: {0,8915971} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3390.tmp Handle ID: 4076 Operation ID: {0,8915958} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338F.tmp Handle ID: 2780 Operation ID: {0,8915955} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338F.tmp Handle ID: 3864 Operation ID: {0,8915954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338F.tmp Handle ID: 3864 Operation ID: {0,8915947} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3390.tmp Handle ID: 3864 Operation ID: {0,8915944} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338F.tmp Handle ID: 3864 Operation ID: {0,8915940} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8915889} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4304 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4304 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4304 Operation ID: {0,8915825} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338E.tmp Handle ID: 1092 Operation ID: {0,8915793} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338D.tmp Handle ID: 1092 Operation ID: {0,8915788} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338E.tmp Handle ID: 1092 Operation ID: {0,8915783} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338E.tmp Handle ID: 3864 Operation ID: {0,8915770} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338D.tmp Handle ID: 1092 Operation ID: {0,8915767} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338D.tmp Handle ID: 3876 Operation ID: {0,8915766} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338D.tmp Handle ID: 3876 Operation ID: {0,8915759} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338E.tmp Handle ID: 3876 Operation ID: {0,8915756} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338D.tmp Handle ID: 3876 Operation ID: {0,8915752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8915717} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8915681} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4380 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4380 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4380 Operation ID: {0,8915640} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8915591} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338C.tmp Handle ID: 4076 Operation ID: {0,8915566} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338B.tmp Handle ID: 4076 Operation ID: {0,8915559} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338C.tmp Handle ID: 4076 Operation ID: {0,8915556} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338C.tmp Handle ID: 4440 Operation ID: {0,8915543} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338B.tmp Handle ID: 4076 Operation ID: {0,8915540} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338B.tmp Handle ID: 4324 Operation ID: {0,8915539} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338B.tmp Handle ID: 4324 Operation ID: {0,8915532} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338C.tmp Handle ID: 4324 Operation ID: {0,8915529} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab338B.tmp Handle ID: 4324 Operation ID: {0,8915525} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8915472} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4192 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4192 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4192 Operation ID: {0,8915411} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338A.tmp Handle ID: 3864 Operation ID: {0,8915377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3389.tmp Handle ID: 3864 Operation ID: {0,8915371} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338A.tmp Handle ID: 3864 Operation ID: {0,8915367} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338A.tmp Handle ID: 4324 Operation ID: {0,8915349} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3389.tmp Handle ID: 3864 Operation ID: {0,8915348} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3389.tmp Handle ID: 4272 Operation ID: {0,8915347} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3389.tmp Handle ID: 4272 Operation ID: {0,8915338} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar338A.tmp Handle ID: 4272 Operation ID: {0,8915335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3389.tmp Handle ID: 4272 Operation ID: {0,8915331} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8915298} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8915260} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4280 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4280 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4280 Operation ID: {0,8915217} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8915166} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3388.tmp Handle ID: 4272 Operation ID: {0,8915141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3387.tmp Handle ID: 4272 Operation ID: {0,8915136} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3388.tmp Handle ID: 4272 Operation ID: {0,8915131} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3388.tmp Handle ID: 4288 Operation ID: {0,8915114} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3387.tmp Handle ID: 4272 Operation ID: {0,8915113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3387.tmp Handle ID: 3864 Operation ID: {0,8915112} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3387.tmp Handle ID: 3864 Operation ID: {0,8915101} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3388.tmp Handle ID: 3864 Operation ID: {0,8915100} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3387.tmp Handle ID: 3864 Operation ID: {0,8915096} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,8915045} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3888 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3888 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3888 Operation ID: {0,8914982} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3386.tmp Handle ID: 4324 Operation ID: {0,8914950} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3385.tmp Handle ID: 4324 Operation ID: {0,8914945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3386.tmp Handle ID: 4324 Operation ID: {0,8914940} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3386.tmp Handle ID: 3864 Operation ID: {0,8914923} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3385.tmp Handle ID: 4324 Operation ID: {0,8914922} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3385.tmp Handle ID: 2780 Operation ID: {0,8914921} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3385.tmp Handle ID: 2780 Operation ID: {0,8914910} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3386.tmp Handle ID: 2780 Operation ID: {0,8914909} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3385.tmp Handle ID: 2780 Operation ID: {0,8914903} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8914870} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8914832} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4256 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4256 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4256 Operation ID: {0,8914791} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8914739} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3384.tmp Handle ID: 4288 Operation ID: {0,8914714} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3383.tmp Handle ID: 4288 Operation ID: {0,8914709} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3384.tmp Handle ID: 4288 Operation ID: {0,8914704} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3384.tmp Handle ID: 3876 Operation ID: {0,8914687} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3383.tmp Handle ID: 4288 Operation ID: {0,8914686} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3383.tmp Handle ID: 1600 Operation ID: {0,8914685} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3383.tmp Handle ID: 1600 Operation ID: {0,8914674} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3384.tmp Handle ID: 1600 Operation ID: {0,8914671} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3383.tmp Handle ID: 1600 Operation ID: {0,8914667} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:02 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:02 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8914614} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3180 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3180 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3180 Operation ID: {0,8914553} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3382.tmp Handle ID: 3864 Operation ID: {0,8914519} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3381.tmp Handle ID: 3864 Operation ID: {0,8914514} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3382.tmp Handle ID: 3864 Operation ID: {0,8914509} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3382.tmp Handle ID: 1600 Operation ID: {0,8914494} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3381.tmp Handle ID: 3864 Operation ID: {0,8914491} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3381.tmp Handle ID: 4076 Operation ID: {0,8914490} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3381.tmp Handle ID: 4076 Operation ID: {0,8914481} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3382.tmp Handle ID: 4076 Operation ID: {0,8914476} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3381.tmp Handle ID: 4076 Operation ID: {0,8914472} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8914439} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8914401} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4160 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4160 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4160 Operation ID: {0,8914358} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3380.tmp Handle ID: 3876 Operation ID: {0,8914318} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337F.tmp Handle ID: 3876 Operation ID: {0,8914313} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3380.tmp Handle ID: 3876 Operation ID: {0,8914308} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3380.tmp Handle ID: 1092 Operation ID: {0,8914292} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337F.tmp Handle ID: 3876 Operation ID: {0,8914289} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337F.tmp Handle ID: 2780 Operation ID: {0,8914288} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337F.tmp Handle ID: 2780 Operation ID: {0,8914277} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3380.tmp Handle ID: 2780 Operation ID: {0,8914272} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337F.tmp Handle ID: 2780 Operation ID: {0,8914266} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4432 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4432 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4432 Operation ID: {0,8914215} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2464 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2464 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2464 Operation ID: {0,8914152} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337E.tmp Handle ID: 3624 Operation ID: {0,8913870} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337D.tmp Handle ID: 3624 Operation ID: {0,8913867} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337E.tmp Handle ID: 3624 Operation ID: {0,8913861} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337E.tmp Handle ID: 3876 Operation ID: {0,8913738} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337D.tmp Handle ID: 3624 Operation ID: {0,8913737} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337D.tmp Handle ID: 1604 Operation ID: {0,8913735} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337D.tmp Handle ID: 1604 Operation ID: {0,8913696} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337E.tmp Handle ID: 1604 Operation ID: {0,8913688} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab337D.tmp Handle ID: 1604 Operation ID: {0,8913677} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8913644} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3876 Operation ID: {0,8913608} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:42:01 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:42:01 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8913557} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:54 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4172 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:41:54 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4172 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:54 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4172 Operation ID: {0,8911785} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 304 Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:41:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 304 Object Type: Key Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 304 Operation ID: {0,8903468} Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 132 Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:41:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 132 Object Type: Key Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 132 Operation ID: {0,8902728} Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:41:42 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 84 Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe " 4/17/2020 11:41:42 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 84 Object Type: Key Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:42 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 84 Operation ID: {0,8902577} Process ID: 4072 Image File Name: C:\WINDOWS\system32\rundll32.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe " 4/17/2020 11:41:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: Key Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3992 Operation ID: {0,8896770} Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 3992 Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe " 4/17/2020 11:41:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 3992 Object Type: Key Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3992 Operation ID: {0,8896731} Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2208 Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe " 4/17/2020 11:41:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2208 Object Type: Key Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2208 Operation ID: {0,8896692} Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 2208 Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe " 4/17/2020 11:41:12 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 2208 Object Type: Key Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:12 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2208 Operation ID: {0,8896653} Process ID: 4692 Image File Name: C:\Program Files\Google\Chrome\Application\chrome.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:41:04 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 148 Process ID: 5140 Image File Name: C:\WINDOWS\system32\notepad.exe " 4/17/2020 11:41:04 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 148 Object Type: Key Process ID: 5140 Image File Name: C:\WINDOWS\system32\notepad.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:04 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 148 Operation ID: {0,8895089} Process ID: 5140 Image File Name: C:\WINDOWS\system32\notepad.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:41:04 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 92 Process ID: 5140 Image File Name: C:\WINDOWS\system32\notepad.exe " 4/17/2020 11:41:04 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 92 Object Type: Key Process ID: 5140 Image File Name: C:\WINDOWS\system32\notepad.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:41:04 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 92 Operation ID: {0,8894825} Process ID: 5140 Image File Name: C:\WINDOWS\system32\notepad.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:40:22 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4424 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:40:22 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4424 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:40:22 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 4424 Operation ID: {0,8849631} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840228} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840211} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840208} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840207} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840206} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840202} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840199} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840198} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840195} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840193} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840190} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840189} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840186} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840182} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840179} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840162} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840159} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840158} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 764 Operation ID: {0,8840157} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840153} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840152} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840151} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840148} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840144} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840141} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840140} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp\vmware-SYSTEM Handle ID: 764 Operation ID: {0,8840137} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840133} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840130} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840129} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840112} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840111} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840110} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840107} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840103} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840102} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840101} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840098} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840094} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 764 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 764 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 764 Operation ID: {0,8840090} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840089} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840074} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840073} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840070} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840069} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840065} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840064} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840061} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-temp Handle ID: 760 Operation ID: {0,8840058} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840054} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840051} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8840044} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840029} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840026} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840025} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840024} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8840020} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8840019} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8840016} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8840015} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8840011} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8840008} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839991} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839990} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839989} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839986} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8839982} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8839981} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8839978} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\vmware-SYSTEM Handle ID: 760 Operation ID: {0,8839977} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839973} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839968} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\ntuser.dat Handle ID: 760 Operation ID: {0,8839962} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100180 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839953} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\New Text Document.txt Handle ID: 760 Operation ID: {0,8839949} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100180 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839939} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 676 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839937} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839922} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839919} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839918} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839915} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839907} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839903} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839899} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 760 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 760 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 760 Operation ID: {0,8839897} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 676 Object Type: File Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839894} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadData (or ListDirectory) Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100001 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839877} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839874} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839873} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:09 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 676 Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe " 4/17/2020 11:40:09 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp Handle ID: 676 Operation ID: {0,8839872} Process ID: 5840 Image File Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: SYNCHRONIZE ReadAttributes Privileges: SeBackupPrivilege Restricted Sid Count: 0 Access Mask: 0x100080 " 4/17/2020 11:40:03 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 1004 Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe " 4/17/2020 11:40:03 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 1004 Object Type: Key Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:40:03 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1004 Operation ID: {0,8835003} Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:40:03 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 816 Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe " 4/17/2020 11:40:03 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 816 Object Type: Key Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:40:03 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 816 Operation ID: {0,8834691} Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:40:02 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 528 Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe " 4/17/2020 11:40:02 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 528 Object Type: Key Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:40:02 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 528 Operation ID: {0,8833982} Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:40:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 124 Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe " 4/17/2020 11:40:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 124 Object Type: Key Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:40:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 124 Operation ID: {0,8831882} Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL Query key value Enumerate sub-keys Notify about changes to keys Privileges: - Restricted Sid Count: 0 Access Mask: 0x20019 " 4/17/2020 11:40:01 AM Security Success Audit Object Access 562 AERODB\Administrator AERODB "Handle Closed: Object Server: Security Handle ID: 48 Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe " 4/17/2020 11:40:01 AM Security Success Audit Object Access 567 AERODB\Administrator AERODB "Object Access Attempt: Object Server: Security Handle ID: 48 Object Type: Key Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:40:01 AM Security Success Audit Object Access 560 AERODB\Administrator AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager Handle ID: 48 Operation ID: {0,8831821} Process ID: 5276 Image File Name: C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe Primary User Name: Administrator Primary Domain: AERODB Primary Logon ID: (0x0,0x523CA) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337A.tmp Handle ID: 4076 Operation ID: {0,8814184} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3379.tmp Handle ID: 4076 Operation ID: {0,8814179} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337A.tmp Handle ID: 4076 Operation ID: {0,8814174} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337A.tmp Handle ID: 1600 Operation ID: {0,8814159} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3379.tmp Handle ID: 4076 Operation ID: {0,8814155} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3379.tmp Handle ID: 4440 Operation ID: {0,8814154} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3379.tmp Handle ID: 4440 Operation ID: {0,8814147} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar337A.tmp Handle ID: 4440 Operation ID: {0,8814144} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3379.tmp Handle ID: 4440 Operation ID: {0,8814140} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8814089} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8814008} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3378.tmp Handle ID: 3864 Operation ID: {0,8813966} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3377.tmp Handle ID: 3864 Operation ID: {0,8813961} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3378.tmp Handle ID: 3864 Operation ID: {0,8813956} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3378.tmp Handle ID: 4076 Operation ID: {0,8813931} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3377.tmp Handle ID: 3864 Operation ID: {0,8813928} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3377.tmp Handle ID: 2780 Operation ID: {0,8813927} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3377.tmp Handle ID: 2780 Operation ID: {0,8813920} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3378.tmp Handle ID: 2780 Operation ID: {0,8813917} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3377.tmp Handle ID: 2780 Operation ID: {0,8813913} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8813880} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8813844} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8813803} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8813756} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3376.tmp Handle ID: 2780 Operation ID: {0,8813730} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3375.tmp Handle ID: 2780 Operation ID: {0,8813725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3376.tmp Handle ID: 2780 Operation ID: {0,8813720} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3376.tmp Handle ID: 4440 Operation ID: {0,8813701} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3375.tmp Handle ID: 2780 Operation ID: {0,8813698} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3375.tmp Handle ID: 4288 Operation ID: {0,8813697} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3375.tmp Handle ID: 4288 Operation ID: {0,8813690} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3376.tmp Handle ID: 4288 Operation ID: {0,8813687} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3375.tmp Handle ID: 4288 Operation ID: {0,8813683} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8813632} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8813556} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3374.tmp Handle ID: 4440 Operation ID: {0,8813517} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3373.tmp Handle ID: 4440 Operation ID: {0,8813514} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3374.tmp Handle ID: 4440 Operation ID: {0,8813507} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3374.tmp Handle ID: 4288 Operation ID: {0,8813488} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3373.tmp Handle ID: 4440 Operation ID: {0,8813485} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3373.tmp Handle ID: 4272 Operation ID: {0,8813480} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3373.tmp Handle ID: 4272 Operation ID: {0,8813467} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3374.tmp Handle ID: 4272 Operation ID: {0,8813466} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3373.tmp Handle ID: 4272 Operation ID: {0,8813462} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8813429} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8813393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8813352} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3948 Operation ID: {0,8813297} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3372.tmp Handle ID: 4288 Operation ID: {0,8813270} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3371.tmp Handle ID: 4288 Operation ID: {0,8813265} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3372.tmp Handle ID: 4288 Operation ID: {0,8813262} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3372.tmp Handle ID: 3948 Operation ID: {0,8813249} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3371.tmp Handle ID: 4288 Operation ID: {0,8813246} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3371.tmp Handle ID: 1600 Operation ID: {0,8813245} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3371.tmp Handle ID: 1600 Operation ID: {0,8813238} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3372.tmp Handle ID: 1600 Operation ID: {0,8813235} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3371.tmp Handle ID: 1600 Operation ID: {0,8813231} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8813180} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8813109} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3370.tmp Handle ID: 4272 Operation ID: {0,8813063} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336F.tmp Handle ID: 4272 Operation ID: {0,8813058} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3370.tmp Handle ID: 4272 Operation ID: {0,8813053} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3370.tmp Handle ID: 4288 Operation ID: {0,8813038} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336F.tmp Handle ID: 4272 Operation ID: {0,8813035} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336F.tmp Handle ID: 4076 Operation ID: {0,8813034} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336F.tmp Handle ID: 4076 Operation ID: {0,8813027} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3370.tmp Handle ID: 4076 Operation ID: {0,8813024} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336F.tmp Handle ID: 4076 Operation ID: {0,8813020} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8812986} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8812950} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8812905} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8812848} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336E.tmp Handle ID: 4076 Operation ID: {0,8812821} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336D.tmp Handle ID: 4076 Operation ID: {0,8812816} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336E.tmp Handle ID: 4076 Operation ID: {0,8812811} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336E.tmp Handle ID: 1600 Operation ID: {0,8812798} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336D.tmp Handle ID: 4076 Operation ID: {0,8812795} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336D.tmp Handle ID: 4272 Operation ID: {0,8812794} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336D.tmp Handle ID: 4272 Operation ID: {0,8812787} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336E.tmp Handle ID: 4272 Operation ID: {0,8812784} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336D.tmp Handle ID: 4272 Operation ID: {0,8812780} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8812729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8812658} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336C.tmp Handle ID: 4288 Operation ID: {0,8812611} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336B.tmp Handle ID: 4288 Operation ID: {0,8812604} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336C.tmp Handle ID: 4288 Operation ID: {0,8812599} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336C.tmp Handle ID: 4076 Operation ID: {0,8812586} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336B.tmp Handle ID: 4288 Operation ID: {0,8812581} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336B.tmp Handle ID: 4440 Operation ID: {0,8812580} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336B.tmp Handle ID: 4440 Operation ID: {0,8812573} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336C.tmp Handle ID: 4440 Operation ID: {0,8812570} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab336B.tmp Handle ID: 4440 Operation ID: {0,8812566} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8812533} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8812497} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8812456} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336A.tmp Handle ID: 3948 Operation ID: {0,8812420} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3369.tmp Handle ID: 3948 Operation ID: {0,8812413} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336A.tmp Handle ID: 3948 Operation ID: {0,8812406} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336A.tmp Handle ID: 4272 Operation ID: {0,8812393} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3369.tmp Handle ID: 3948 Operation ID: {0,8812390} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3369.tmp Handle ID: 4076 Operation ID: {0,8812389} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3369.tmp Handle ID: 4076 Operation ID: {0,8812380} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar336A.tmp Handle ID: 4076 Operation ID: {0,8812377} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3369.tmp Handle ID: 4076 Operation ID: {0,8812373} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8812322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8812261} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3368.tmp Handle ID: 4440 Operation ID: {0,8812229} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3367.tmp Handle ID: 4440 Operation ID: {0,8812222} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3368.tmp Handle ID: 4440 Operation ID: {0,8812217} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3368.tmp Handle ID: 3948 Operation ID: {0,8812204} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3367.tmp Handle ID: 4440 Operation ID: {0,8812199} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3367.tmp Handle ID: 2780 Operation ID: {0,8812198} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3367.tmp Handle ID: 2780 Operation ID: {0,8812191} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3368.tmp Handle ID: 2780 Operation ID: {0,8812188} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3367.tmp Handle ID: 2780 Operation ID: {0,8812184} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3948 Operation ID: {0,8812151} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3948 Operation ID: {0,8812115} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3948 Operation ID: {0,8812076} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3366.tmp Handle ID: 1604 Operation ID: {0,8811970} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3365.tmp Handle ID: 1604 Operation ID: {0,8811967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3366.tmp Handle ID: 1604 Operation ID: {0,8811962} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3366.tmp Handle ID: 3948 Operation ID: {0,8811949} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3365.tmp Handle ID: 1604 Operation ID: {0,8811946} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3365.tmp Handle ID: 2780 Operation ID: {0,8811945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3365.tmp Handle ID: 2780 Operation ID: {0,8811938} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3366.tmp Handle ID: 2780 Operation ID: {0,8811935} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3365.tmp Handle ID: 2780 Operation ID: {0,8811931} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8811880} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8811800} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3364.tmp Handle ID: 3948 Operation ID: {0,8811755} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3363.tmp Handle ID: 3948 Operation ID: {0,8811752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3364.tmp Handle ID: 3948 Operation ID: {0,8811747} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3364.tmp Handle ID: 2780 Operation ID: {0,8811732} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3363.tmp Handle ID: 3948 Operation ID: {0,8811729} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3363.tmp Handle ID: 3864 Operation ID: {0,8811728} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3363.tmp Handle ID: 3864 Operation ID: {0,8811721} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3364.tmp Handle ID: 3864 Operation ID: {0,8811718} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3363.tmp Handle ID: 3864 Operation ID: {0,8811714} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2780 Operation ID: {0,8811681} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 2780 Operation ID: {0,8811645} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8811592} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8811545} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3362.tmp Handle ID: 2780 Operation ID: {0,8811518} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3361.tmp Handle ID: 2780 Operation ID: {0,8811513} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3362.tmp Handle ID: 2780 Operation ID: {0,8811508} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3362.tmp Handle ID: 1600 Operation ID: {0,8811493} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3361.tmp Handle ID: 2780 Operation ID: {0,8811491} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3361.tmp Handle ID: 4288 Operation ID: {0,8811490} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3361.tmp Handle ID: 4288 Operation ID: {0,8811481} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3362.tmp Handle ID: 4288 Operation ID: {0,8811480} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3361.tmp Handle ID: 4288 Operation ID: {0,8811476} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:35 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:35 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8811425} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8811364} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3360.tmp Handle ID: 3864 Operation ID: {0,8811332} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335F.tmp Handle ID: 3864 Operation ID: {0,8811327} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3360.tmp Handle ID: 3864 Operation ID: {0,8811322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3360.tmp Handle ID: 4288 Operation ID: {0,8811309} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335F.tmp Handle ID: 3864 Operation ID: {0,8811306} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335F.tmp Handle ID: 1092 Operation ID: {0,8811305} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335F.tmp Handle ID: 1092 Operation ID: {0,8811292} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3360.tmp Handle ID: 1092 Operation ID: {0,8811287} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335F.tmp Handle ID: 1092 Operation ID: {0,8811283} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8811250} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8811209} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8811168} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8811113} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335E.tmp Handle ID: 4288 Operation ID: {0,8811088} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335D.tmp Handle ID: 4288 Operation ID: {0,8811083} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335E.tmp Handle ID: 4288 Operation ID: {0,8811078} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335E.tmp Handle ID: 1600 Operation ID: {0,8811065} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335D.tmp Handle ID: 4288 Operation ID: {0,8811062} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335D.tmp Handle ID: 1604 Operation ID: {0,8811061} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335D.tmp Handle ID: 1604 Operation ID: {0,8811054} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335E.tmp Handle ID: 1604 Operation ID: {0,8811051} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335D.tmp Handle ID: 1604 Operation ID: {0,8811047} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4416 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4416 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4416 Operation ID: {0,8810987} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810925} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335C.tmp Handle ID: 1600 Operation ID: {0,8810893} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335B.tmp Handle ID: 1600 Operation ID: {0,8810888} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335C.tmp Handle ID: 1600 Operation ID: {0,8810883} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335C.tmp Handle ID: 1604 Operation ID: {0,8810870} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335B.tmp Handle ID: 1600 Operation ID: {0,8810865} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335B.tmp Handle ID: 3948 Operation ID: {0,8810864} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335B.tmp Handle ID: 3948 Operation ID: {0,8810857} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335C.tmp Handle ID: 3948 Operation ID: {0,8810854} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab335B.tmp Handle ID: 3948 Operation ID: {0,8810850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8810815} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8810779} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810738} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8810695} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335A.tmp Handle ID: 1604 Operation ID: {0,8810670} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3359.tmp Handle ID: 1604 Operation ID: {0,8810663} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335A.tmp Handle ID: 1604 Operation ID: {0,8810654} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335A.tmp Handle ID: 4076 Operation ID: {0,8810641} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3359.tmp Handle ID: 1604 Operation ID: {0,8810638} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3359.tmp Handle ID: 2780 Operation ID: {0,8810637} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3359.tmp Handle ID: 2780 Operation ID: {0,8810630} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar335A.tmp Handle ID: 2780 Operation ID: {0,8810627} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3359.tmp Handle ID: 2780 Operation ID: {0,8810621} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810570} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810509} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3358.tmp Handle ID: 3948 Operation ID: {0,8810474} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3357.tmp Handle ID: 3948 Operation ID: {0,8810469} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3358.tmp Handle ID: 3948 Operation ID: {0,8810464} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3358.tmp Handle ID: 1604 Operation ID: {0,8810451} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3357.tmp Handle ID: 3948 Operation ID: {0,8810448} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3357.tmp Handle ID: 4356 Operation ID: {0,8810447} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3357.tmp Handle ID: 4356 Operation ID: {0,8810440} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3358.tmp Handle ID: 4356 Operation ID: {0,8810437} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3357.tmp Handle ID: 4356 Operation ID: {0,8810433} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8810400} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8810364} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810323} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3356.tmp Handle ID: 4356 Operation ID: {0,8810289} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3355.tmp Handle ID: 4356 Operation ID: {0,8810282} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3356.tmp Handle ID: 4356 Operation ID: {0,8810275} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3356.tmp Handle ID: 2780 Operation ID: {0,8810262} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3355.tmp Handle ID: 4356 Operation ID: {0,8810259} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3355.tmp Handle ID: 4288 Operation ID: {0,8810258} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3355.tmp Handle ID: 4288 Operation ID: {0,8810251} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3356.tmp Handle ID: 4288 Operation ID: {0,8810248} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3355.tmp Handle ID: 4288 Operation ID: {0,8810244} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810193} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8810132} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3354.tmp Handle ID: 2780 Operation ID: {0,8810090} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3353.tmp Handle ID: 2780 Operation ID: {0,8810082} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3354.tmp Handle ID: 2780 Operation ID: {0,8810076} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 2780 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 2780 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3354.tmp Handle ID: 4288 Operation ID: {0,8810063} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3353.tmp Handle ID: 2780 Operation ID: {0,8810058} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3353.tmp Handle ID: 1600 Operation ID: {0,8810057} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3353.tmp Handle ID: 1600 Operation ID: {0,8810050} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3354.tmp Handle ID: 1600 Operation ID: {0,8810047} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3353.tmp Handle ID: 1600 Operation ID: {0,8810043} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8810010} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8809974} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8809935} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3352.tmp Handle ID: 4324 Operation ID: {0,8809776} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3351.tmp Handle ID: 4324 Operation ID: {0,8809771} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3352.tmp Handle ID: 4324 Operation ID: {0,8809766} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3352.tmp Handle ID: 1600 Operation ID: {0,8809757} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3351.tmp Handle ID: 4324 Operation ID: {0,8809752} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3351.tmp Handle ID: 4440 Operation ID: {0,8809751} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3351.tmp Handle ID: 4440 Operation ID: {0,8809743} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3352.tmp Handle ID: 4440 Operation ID: {0,8809741} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3351.tmp Handle ID: 4440 Operation ID: {0,8809737} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8809686} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8809607} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3350.tmp Handle ID: 4076 Operation ID: {0,8809560} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334F.tmp Handle ID: 4076 Operation ID: {0,8809555} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3350.tmp Handle ID: 4076 Operation ID: {0,8809548} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3350.tmp Handle ID: 4440 Operation ID: {0,8809535} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334F.tmp Handle ID: 4076 Operation ID: {0,8809530} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334F.tmp Handle ID: 1092 Operation ID: {0,8809529} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334F.tmp Handle ID: 1092 Operation ID: {0,8809522} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3350.tmp Handle ID: 1092 Operation ID: {0,8809519} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334F.tmp Handle ID: 1092 Operation ID: {0,8809515} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8809482} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8809446} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8809405} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8809362} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334E.tmp Handle ID: 1092 Operation ID: {0,8809335} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334D.tmp Handle ID: 1092 Operation ID: {0,8809327} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334E.tmp Handle ID: 1092 Operation ID: {0,8809321} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334E.tmp Handle ID: 1600 Operation ID: {0,8809308} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334D.tmp Handle ID: 1092 Operation ID: {0,8809303} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334D.tmp Handle ID: 4272 Operation ID: {0,8809302} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334D.tmp Handle ID: 4272 Operation ID: {0,8809295} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334E.tmp Handle ID: 4272 Operation ID: {0,8809292} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334D.tmp Handle ID: 4272 Operation ID: {0,8809288} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8809237} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8809167} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334C.tmp Handle ID: 4272 Operation ID: {0,8809122} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334B.tmp Handle ID: 4272 Operation ID: {0,8809117} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334C.tmp Handle ID: 4272 Operation ID: {0,8809108} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334C.tmp Handle ID: 1092 Operation ID: {0,8809093} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334B.tmp Handle ID: 4272 Operation ID: {0,8809090} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334B.tmp Handle ID: 4356 Operation ID: {0,8809089} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334B.tmp Handle ID: 4356 Operation ID: {0,8809082} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334C.tmp Handle ID: 4356 Operation ID: {0,8809079} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab334B.tmp Handle ID: 4356 Operation ID: {0,8809075} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1092 Operation ID: {0,8809042} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1092 Operation ID: {0,8809005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808964} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8808920} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334A.tmp Handle ID: 4356 Operation ID: {0,8808895} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3349.tmp Handle ID: 4356 Operation ID: {0,8808890} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334A.tmp Handle ID: 4356 Operation ID: {0,8808885} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334A.tmp Handle ID: 1604 Operation ID: {0,8808866} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3349.tmp Handle ID: 4356 Operation ID: {0,8808863} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3349.tmp Handle ID: 4324 Operation ID: {0,8808862} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3349.tmp Handle ID: 4324 Operation ID: {0,8808857} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar334A.tmp Handle ID: 4324 Operation ID: {0,8808854} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3349.tmp Handle ID: 4324 Operation ID: {0,8808850} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808799} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3348.tmp Handle ID: 4272 Operation ID: {0,8808672} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3347.tmp Handle ID: 4272 Operation ID: {0,8808667} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3348.tmp Handle ID: 4272 Operation ID: {0,8808662} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3348.tmp Handle ID: 4324 Operation ID: {0,8808649} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3347.tmp Handle ID: 4272 Operation ID: {0,8808644} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3347.tmp Handle ID: 4440 Operation ID: {0,8808643} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3347.tmp Handle ID: 4440 Operation ID: {0,8808636} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3348.tmp Handle ID: 4440 Operation ID: {0,8808633} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3347.tmp Handle ID: 4440 Operation ID: {0,8808629} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8808596} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4324 Operation ID: {0,8808560} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808519} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1604 Operation ID: {0,8808466} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3346.tmp Handle ID: 4440 Operation ID: {0,8808441} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3345.tmp Handle ID: 4440 Operation ID: {0,8808436} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3346.tmp Handle ID: 4440 Operation ID: {0,8808431} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3346.tmp Handle ID: 1604 Operation ID: {0,8808406} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3345.tmp Handle ID: 4440 Operation ID: {0,8808403} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3345.tmp Handle ID: 1600 Operation ID: {0,8808402} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3345.tmp Handle ID: 1600 Operation ID: {0,8808395} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3346.tmp Handle ID: 1600 Operation ID: {0,8808392} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3345.tmp Handle ID: 1600 Operation ID: {0,8808387} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808336} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808262} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3344.tmp Handle ID: 1604 Operation ID: {0,8808227} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3343.tmp Handle ID: 1604 Operation ID: {0,8808222} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3344.tmp Handle ID: 1604 Operation ID: {0,8808217} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3344.tmp Handle ID: 1600 Operation ID: {0,8808204} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3343.tmp Handle ID: 1604 Operation ID: {0,8808201} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3343.tmp Handle ID: 1092 Operation ID: {0,8808200} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3343.tmp Handle ID: 1092 Operation ID: {0,8808193} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3344.tmp Handle ID: 1092 Operation ID: {0,8808190} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3343.tmp Handle ID: 1092 Operation ID: {0,8808186} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8808153} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 1600 Operation ID: {0,8808117} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8808076} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3342.tmp Handle ID: 1600 Operation ID: {0,8808044} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3341.tmp Handle ID: 1600 Operation ID: {0,8808039} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3342.tmp Handle ID: 1600 Operation ID: {0,8808034} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3342.tmp Handle ID: 4076 Operation ID: {0,8808023} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3341.tmp Handle ID: 1600 Operation ID: {0,8808020} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3341.tmp Handle ID: 4356 Operation ID: {0,8808019} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3341.tmp Handle ID: 4356 Operation ID: {0,8808012} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3342.tmp Handle ID: 4356 Operation ID: {0,8808009} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3341.tmp Handle ID: 4356 Operation ID: {0,8808005} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8807954} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3864 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3864 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3864 Operation ID: {0,8807893} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3340.tmp Handle ID: 1092 Operation ID: {0,8807859} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333F.tmp Handle ID: 1092 Operation ID: {0,8807856} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3340.tmp Handle ID: 1092 Operation ID: {0,8807851} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3340.tmp Handle ID: 4356 Operation ID: {0,8807836} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333F.tmp Handle ID: 1092 Operation ID: {0,8807833} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333F.tmp Handle ID: 4324 Operation ID: {0,8807832} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4324 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333F.tmp Handle ID: 4324 Operation ID: {0,8807825} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3340.tmp Handle ID: 4324 Operation ID: {0,8807822} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4324 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333F.tmp Handle ID: 4324 Operation ID: {0,8807818} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4356 Operation ID: {0,8807785} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4356 Operation ID: {0,8807749} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4356 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:34 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4356 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:34 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4356 Operation ID: {0,8807710} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333E.tmp Handle ID: 3624 Operation ID: {0,8799180} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333D.tmp Handle ID: 3624 Operation ID: {0,8799175} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333E.tmp Handle ID: 3624 Operation ID: {0,8799170} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333E.tmp Handle ID: 4440 Operation ID: {0,8799157} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333D.tmp Handle ID: 3624 Operation ID: {0,8799152} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333D.tmp Handle ID: 1092 Operation ID: {0,8799151} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333D.tmp Handle ID: 1092 Operation ID: {0,8799144} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333E.tmp Handle ID: 1092 Operation ID: {0,8799141} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333D.tmp Handle ID: 1092 Operation ID: {0,8799137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8799086} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8799025} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333C.tmp Handle ID: 1092 Operation ID: {0,8798989} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333B.tmp Handle ID: 1092 Operation ID: {0,8798983} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333C.tmp Handle ID: 1092 Operation ID: {0,8798976} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333C.tmp Handle ID: 3624 Operation ID: {0,8798963} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333B.tmp Handle ID: 1092 Operation ID: {0,8798960} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333B.tmp Handle ID: 1604 Operation ID: {0,8798959} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333B.tmp Handle ID: 1604 Operation ID: {0,8798952} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333C.tmp Handle ID: 1604 Operation ID: {0,8798949} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab333B.tmp Handle ID: 1604 Operation ID: {0,8798945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8798912} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8798876} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8798835} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8798792} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333A.tmp Handle ID: 3624 Operation ID: {0,8798765} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3339.tmp Handle ID: 3624 Operation ID: {0,8798758} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333A.tmp Handle ID: 3624 Operation ID: {0,8798749} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333A.tmp Handle ID: 4076 Operation ID: {0,8798736} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3339.tmp Handle ID: 3624 Operation ID: {0,8798733} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3339.tmp Handle ID: 1600 Operation ID: {0,8798732} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3339.tmp Handle ID: 1600 Operation ID: {0,8798725} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar333A.tmp Handle ID: 1600 Operation ID: {0,8798722} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3339.tmp Handle ID: 1600 Operation ID: {0,8798718} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8798667} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8798602} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3338.tmp Handle ID: 1600 Operation ID: {0,8798552} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3337.tmp Handle ID: 1600 Operation ID: {0,8798545} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3338.tmp Handle ID: 1600 Operation ID: {0,8798536} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1600 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1600 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3338.tmp Handle ID: 3624 Operation ID: {0,8798523} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3337.tmp Handle ID: 1600 Operation ID: {0,8798520} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3337.tmp Handle ID: 3948 Operation ID: {0,8798519} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3337.tmp Handle ID: 3948 Operation ID: {0,8798512} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3338.tmp Handle ID: 3948 Operation ID: {0,8798509} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3337.tmp Handle ID: 3948 Operation ID: {0,8798505} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8798472} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8798436} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8798395} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4288 Operation ID: {0,8798349} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3336.tmp Handle ID: 3948 Operation ID: {0,8798322} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3335.tmp Handle ID: 3948 Operation ID: {0,8798317} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3336.tmp Handle ID: 3948 Operation ID: {0,8798314} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3336.tmp Handle ID: 4288 Operation ID: {0,8798296} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3335.tmp Handle ID: 3948 Operation ID: {0,8798292} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3335.tmp Handle ID: 4440 Operation ID: {0,8798291} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3335.tmp Handle ID: 4440 Operation ID: {0,8798282} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3336.tmp Handle ID: 4440 Operation ID: {0,8798279} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3335.tmp Handle ID: 4440 Operation ID: {0,8798275} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8798222} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8798137} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3334.tmp Handle ID: 4288 Operation ID: {0,8798102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3333.tmp Handle ID: 4288 Operation ID: {0,8798095} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3334.tmp Handle ID: 4288 Operation ID: {0,8798090} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3334.tmp Handle ID: 4440 Operation ID: {0,8798075} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3333.tmp Handle ID: 4288 Operation ID: {0,8798072} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3333.tmp Handle ID: 1092 Operation ID: {0,8798071} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3333.tmp Handle ID: 1092 Operation ID: {0,8798064} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3334.tmp Handle ID: 1092 Operation ID: {0,8798061} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3333.tmp Handle ID: 1092 Operation ID: {0,8798057} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8798024} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4440 Operation ID: {0,8797988} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8797945} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4272 Operation ID: {0,8797900} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3332.tmp Handle ID: 4440 Operation ID: {0,8797875} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3331.tmp Handle ID: 4440 Operation ID: {0,8797870} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3332.tmp Handle ID: 4440 Operation ID: {0,8797865} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4440 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4440 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3332.tmp Handle ID: 4272 Operation ID: {0,8797852} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3331.tmp Handle ID: 4440 Operation ID: {0,8797849} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3331.tmp Handle ID: 4076 Operation ID: {0,8797848} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3331.tmp Handle ID: 4076 Operation ID: {0,8797837} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3332.tmp Handle ID: 4076 Operation ID: {0,8797836} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3331.tmp Handle ID: 4076 Operation ID: {0,8797832} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8797781} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8797717} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3330.tmp Handle ID: 1092 Operation ID: {0,8797685} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332F.tmp Handle ID: 1092 Operation ID: {0,8797680} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3330.tmp Handle ID: 1092 Operation ID: {0,8797675} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3330.tmp Handle ID: 4076 Operation ID: {0,8797662} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332F.tmp Handle ID: 1092 Operation ID: {0,8797659} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332F.tmp Handle ID: 3624 Operation ID: {0,8797658} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332F.tmp Handle ID: 3624 Operation ID: {0,8797651} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3330.tmp Handle ID: 3624 Operation ID: {0,8797648} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332F.tmp Handle ID: 3624 Operation ID: {0,8797644} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8797611} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4076 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4076 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4076 Operation ID: {0,8797575} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8797534} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332E.tmp Handle ID: 3624 Operation ID: {0,8797489} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332D.tmp Handle ID: 3624 Operation ID: {0,8797479} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332E.tmp Handle ID: 3624 Operation ID: {0,8797470} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4272 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4272 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332E.tmp Handle ID: 4272 Operation ID: {0,8797459} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332D.tmp Handle ID: 3624 Operation ID: {0,8797454} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332D.tmp Handle ID: 3948 Operation ID: {0,8797453} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332D.tmp Handle ID: 3948 Operation ID: {0,8797446} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332E.tmp Handle ID: 3948 Operation ID: {0,8797443} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332D.tmp Handle ID: 3948 Operation ID: {0,8797439} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8797388} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8797318} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332C.tmp Handle ID: 1092 Operation ID: {0,8797102} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332B.tmp Handle ID: 1092 Operation ID: {0,8797097} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332C.tmp Handle ID: 1092 Operation ID: {0,8797092} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1092 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1092 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332C.tmp Handle ID: 3624 Operation ID: {0,8797056} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332B.tmp Handle ID: 1092 Operation ID: {0,8797051} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332B.tmp Handle ID: 4288 Operation ID: {0,8797050} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332B.tmp Handle ID: 4288 Operation ID: {0,8797043} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332C.tmp Handle ID: 4288 Operation ID: {0,8797040} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab332B.tmp Handle ID: 4288 Operation ID: {0,8797036} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8797003} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8796967} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 3624 Operation ID: {0,8796928} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332A.tmp Handle ID: 3876 Operation ID: {0,8796717} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3329.tmp Handle ID: 3876 Operation ID: {0,8796712} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332A.tmp Handle ID: 3876 Operation ID: {0,8796707} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3624 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3624 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332A.tmp Handle ID: 3624 Operation ID: {0,8796693} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3329.tmp Handle ID: 3876 Operation ID: {0,8796690} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3329.tmp Handle ID: 4288 Operation ID: {0,8796689} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4288 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3329.tmp Handle ID: 4288 Operation ID: {0,8796677} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar332A.tmp Handle ID: 4288 Operation ID: {0,8796673} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4288 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3329.tmp Handle ID: 4288 Operation ID: {0,8796669} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:30 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:30 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8796618} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 4152 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 4152 Object Type: Key Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: Query key value Access Mask: 0x1 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: Key Object Name: \REGISTRY\MACHINE\SYSTEM\ControlSet003\Control\Session Manager\Environment Handle ID: 4152 Operation ID: {0,8796540} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: Query key value Privileges: - Restricted Sid Count: 0 Access Mask: 0x1 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3328.tmp Handle ID: 3948 Operation ID: {0,8796508} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 564 NT AUTHORITY\SYSTEM AERODB "Object Deleted: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: DELETE Access Mask: 0x10000 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadAttributes Access Mask: 0x80 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3327.tmp Handle ID: 3948 Operation ID: {0,8796503} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: DELETE ReadAttributes Privileges: SeBackupPrivilege SeRestorePrivilege Restricted Sid Count: 0 Access Mask: 0x10080 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3328.tmp Handle ID: 3948 Operation ID: {0,8796500} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3948 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 3876 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteAttributes Access Mask: 0x100 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3876 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 3948 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Tar3328.tmp Handle ID: 3876 Operation ID: {0,8796485} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) ReadEA WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x12019F " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: ReadData (or ListDirectory) Access Mask: 0x1 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3327.tmp Handle ID: 3948 Operation ID: {0,8796480} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3327.tmp Handle ID: 1604 Operation ID: {0,8796479} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120089 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe " 4/17/2020 11:39:29 AM Security Success Audit Object Access 567 NT AUTHORITY\SYSTEM AERODB "Object Access Attempt: Object Server: Security Handle ID: 1604 Object Type: File Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) Access Mask: 0x6 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 560 NT AUTHORITY\SYSTEM AERODB "Object Open: Object Server: Security Object Type: File Object Name: C:\WINDOWS\Temp\Cab3327.tmp Handle ID: 1604 Operation ID: {0,8796467} Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe Primary User Name: AERODB$ Primary Domain: AIS Primary Logon ID: (0x0,0x3E7) Client User Name: - Client Domain: - Client Logon ID: - Accesses: READ_CONTROL SYNCHRONIZE WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) WriteEA ReadAttributes WriteAttributes Privileges: - Restricted Sid Count: 0 Access Mask: 0x120196 " 4/17/2020 11:39:29 AM Security Success Audit Object Access 562 NT AUTHORITY\SYSTEM AERODB "Handle Closed: Object Server: Security Handle ID: 1604 Process ID: 696 Image File Name: C:\Program Files\Webroot\WRSA.exe "